
A group of Michigan lawmakers has introduced House Bill 4938, called the “Anticorruption of Public Morals Act”, which would broadly prohibit pornographic content, descriptions or depictions of transgender people (in certain gender-expression contexts), erotic or ASMR voice content intended to arouse, and require platforms and internet service providers to block, remove, or filter such material. The bill also threatens felony penalties—potentially up to 20 years in prison and large fines—for distributing or enabling access to the specified content, with harsher penalties if more than 100 pieces of prohibited material are involved. Proponents argue the measure is needed to “defend children, safeguard communities, and put families first,” claiming existing laws are outdated for the digital age; critics warn it could violate free-speech rights and lead to censorship of legitimate expression.
Sources: CBS News, FOX 2 Detroit
Key Takeaways
– The bill seeks to outlaw not just explicit sexual acts, but also erotic audio content (like ASMR), and descriptions of transgender identities in some forms—setting a very wide scope for what is considered disallowed content.
– Strong enforcement measures are proposed: felony charges, steep fines, requirement for platforms and ISPs to actively filter, moderate, and block content; plus potential registration for distributors as sex offenders.
– There is serious tension between the bill’s goals and constitutional protections (free speech, expression, and possibly rights of LGBTQ+ individuals), meaning legal challenges are likely if it proceeds.
In-Depth
Michigan may be on the cusp of passing one of the most sweeping state laws in recent years regarding adult content online, with the introduction of House Bill 4938—or the Anticorruption of Public Morals Act—by a group of GOP legislators. If enacted, this law would radically redefine what kinds of sexual or gender content are legal to distribute, view, or even produce within the state. Its reach isn’t limited to what many would traditionally call porn; it expands to include erotic ASMR (autonomous sensory meridian response) voice content, sensual or sexual voice work, animated or AI-generated content, and depictions or descriptions of transgender identity in certain forms (particularly when gender expression diverges from biological sex via prosthetics, attire, trailing into reproduction tropes).
The penalties are severe: individuals or platforms that distribute such content could face felonies, with prison sentences up to 20 years—and even steeper penalties, up to 25 years, when more than 100 discrete pieces of prohibited content are involved. Fines could run in the tens or hundreds of thousands of dollars. Enforcement mechanisms proposed include mandatory content filters, active moderation by platforms and ISPs, and requirements to block tools like VPNs that can circumvent filters.
On the pro side, bill sponsors argue this is necessary to protect minors, defend morality, and address online content that they say existing laws don’t adequately cover. Representative Josh Schriver and co-sponsors claim digital age realities—streaming, AI, voice-audio, etc.—make older obscenity statutes insufficient.
On the other hand, constitutional law scholars, civil liberties groups, and free speech advocates warn that such a law would likely face serious legal challenges: First Amendment concerns, vagueness in definitions (e.g. “primary purpose of arousal” or “disconnection between biology and gender”), overbreadth, the very real risk of chilling effects on LGBTQ+ expression, artistic works, academic discussion, and even everyday speech.
As of now, the bill has been referred to the House Judiciary Committee, but no hearings have been scheduled. The path forward is uncertain: legislative votes, possible amendments, and very likely court scrutiny. Michigan’s governor and state Democratic leadership will also play big roles in whether this becomes law. All in all, this proposal arguably stands among the more aggressive state-level efforts to regulate sexual and gendered content in the digital age—a conservative push raising questions not just about content but about identity, expression, privacy, and the limits of state power.

A new, sophisticated phishing campaign is exploiting Microsoft’s own infrastructure—Active Directory Federation Services (ADFS) and trusted office.com redirects—to harvest Microsoft 365 credentials. Malicious actors deploy malvertising, leading users from legitimate ads (e.g. for “Office 365”) through trusted Microsoft domains like outlook.office.com, before redirecting them to attacker-controlled phishing sites. By leveraging ADFS configurations within a valid Microsoft tenant, these redirects appear authentic to both users and security filters, enabling credential theft and even bypassing MFA protections. Security researchers urge organizations to closely monitor ADFS redirect chains, analyze Google ad parameters directing to office.com, and deploy enterprise-wide ad blockers as part of effective risk mitigation.
Sources: Bleeping Computer, Computing.co.uk, Cyber Security News
Key Takeaways
– The attack—dubbed “ADFSjacking”—abuses Microsoft’s ADFS infrastructure and valid redirects to masquerade phishing pages as authentic, thereby evading standard security tools.
– Conditional loading and intermediary domains (like faux travel blogs) further mask the redirection chain, returning non-target users to legitimate sites.
– Mitigation measures include monitoring for unusual ADFS redirects, inspecting Google ad traffic parameters for office.com, and deploying ad blockers and behavioral detection systems.
In-Depth
In a troubling escalation of cyber threats, attackers are now weaponizing Microsoft’s own identity infrastructure to probe and steal user credentials without drawing suspicion. Known as “ADFSjacking,” this strategy harnesses Active Directory Federation Services (ADFS) and trusted office.com redirects to construct a near-perfect phishing environment.
Users clicking on seemingly legitimate ads for Office 365 are routed through outlook.office.com, which gives the impression that everything is safe, before being sent on to cleverly masked credential-stealing pages. These redirects are made possible through attacker-controlled Microsoft tenants that orchestrate the redirection flow, manipulating ADFS to appear benign to security systems and users alike.
The sophistication is further evidenced by conditional loading: only the intended victim sees the phishing page, while others are harmlessly bounced back to the real Microsoft site. This stealth approach also taps into reverse-proxy techniques and token theft to sidestep multi-factor authentication.
Organizations must recalibrate their defenses accordingly: look for ADFS redirect chains targeting unknown domains, inspect Google ad-to-office.com traffic for suspicious parameters, enforce enterprise ad-blocking measures, and shift toward behavior-based detection tools that identify anomalies rather than relying solely on URL filtering. In the game of phishing, leveraging the trust of infrastructure yields powerful rewards for attackers—but informed vigilance can still level the playing field.
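The redirect-chain check recommended above, as an added example (not code from the cited researchers or from Microsoft): it walks proxy records and flags any redirect from a Microsoft-owned host to a host outside an allowlist, noting whether the chain began with a Google Ads click identifier. The record layout, the allowlist and every hostname in the sample are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: suffixes a Microsoft sign-in flow may legitimately land on.
# Add your own federation (ADFS/IdP) hostnames, or real logins will be flagged.
TRUSTED_SUFFIXES = ("office.com", "microsoft.com", "microsoftonline.com")
AD_CLICK_PARAMS = {"gclid", "gbraid", "wbraid"}  # Google Ads click identifiers

# Constructed proxy records: (user, requested URL, HTTP status, Location header)
SAMPLE_LOG = [
    ("alice", "https://outlook.office.com/mail/?gclid=CONSTRUCTED-1", 302,
     "https://login.microsoftonline.com/common/oauth2/authorize"),
    ("alice", "https://login.microsoftonline.com/common/oauth2/authorize", 302,
     "https://travel-blog.example/adfs/ls/"),
    ("bob", "https://outlook.office.com/mail/", 200, None),
    ("carol", "https://outlook.office.com/owa/", 302,
     "https://login.office.com.signin.example/adfs/ls/"),
]

def is_trusted(host):
    """Match on a dot boundary so 'office.com.signin.example' does not pass."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def has_ad_click(url):
    return bool(AD_CLICK_PARAMS.intersection(parse_qs(urlsplit(url).query)))

def find_suspicious_chains(records):
    """Return one finding per redirect that leaves the trusted hosts."""
    ad_entry = {}   # user -> URL where an ad click entered a trusted host
    findings = []
    for user, url, status, location in records:
        host = urlsplit(url).hostname
        if is_trusted(host) and has_ad_click(url):
            ad_entry[user] = url
        if 300 <= status < 400 and location:
            dest = urlsplit(location).hostname
            if is_trusted(host) and not is_trusted(dest):
                findings.append({"user": user, "from": host, "to": dest,
                                 "ad_entry": ad_entry.pop(user, None)})
        elif is_trusted(host):
            ad_entry.pop(user, None)  # chain ended on a trusted page
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_chains(SAMPLE_LOG):
        print(finding)
```

A finding with a non-empty `ad_entry` matches the ad-to-office.com pattern described here and deserves higher priority than a bare off-allowlist redirect.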