Phoenix IT

Category: Domain & Hosting

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at “login.microsoftonline[.]com” by only letting scripts from trusted Microsoft domains run. “This update strengthens security and

Read More
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated remote code execution.

Read More
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. “Apple is aware of a report that

Read More
Microsoft 365 Outage Disrupts Teams, Azure, and Global Services

Microsoft 365 Outage Disrupts Teams, Azure, and Global Services

Starting at approximately 7:40 AM UTC, Microsoft Corporation experienced a significant, widespread service disruption, impacting its global network of cloud services. The company confirmed it is investigating the issue, which appears to stem from a critical internal failure. According to Microsoft, the investigation is focused on load balancing infrastructure and a significant capacity loss across

Read More