430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Japan passed a law allowing preemptive offensive cyber actions

Japan passed a law allowing preemptive offensive cyber actions, shifting from its pacifist stance to bolster defenses like major Western powers. Japan has enacted the Active Cyberdefense Law, allowing preemptive offensive cyber operations to counter threats before damage occurs. This marks a shift from Japan’s pacifist stance under Article 9, aiming to elevate its cyber […]

Japan Array Networks

Japan passed a law allowing preemptive offensive cyber actions, shifting from its pacifist stance to bolster defenses like major Western powers.

Japan has enacted the Active Cyberdefense Law, allowing preemptive offensive cyber operations to counter threats before damage occurs. This marks a shift from Japan’s pacifist stance under Article 9, aiming to elevate its cyber defense to match major Western powers and enable broader military support to allies.

The law allows government agencies to carry out hacking back operations, infiltrating and neutralizing infrastructure employed by threat actors to target the country and its organizations.

Japan’s new Active Cyberdefense Law also lets authorities preemptively target hostile infrastructure, even before attacks occur. It also enables Self-Defence Forces to aid allies and handle advanced cyber threats, reflecting a shift in the interpretation of Article 9 for national and allied security.

The Japanese government aims to make the new legal framework fully operational by 2027.

“The new law is intended to enable Japan to “identify and respond to cyber attacks more quickly and effectively” according to Yoshimasa Hayashi, Japan’s chief cabinet secretary, who added on Friday that it would help Tokyo “equal or exceed” the cyber capabilities “of major European countries and the US.”” reported The Record Media.

The Japanese government will monitor and analyze IP addresses involved in international communications passing through or to/from Japan. Domestic communications and message content, such as email bodies, are excluded from surveillance.

“A new independent panel will be set up to give prior approval for data acquisition and analysis, as well as for actions to neutralize hostile servers. It will also be tasked with ensuring that government surveillance is being properly conducted.” reported by Kyodo News. “In response to concerns from opposition parties over potential government overreach and violation of the constitutional right to secrecy of communications, the government revised legislation and stipulated specific provisions in the law to uphold personal rights.”

Japan remains a target for both financially motivated threat actors and APT groups.

In April 2025, Japan ’s Financial Services Agency (FSA) warned of hundreds of millions in unauthorized trades linked to hacked brokerage accounts.

In March 2025, a data breach suffered by the Japanese telecom giant NTT exposed information of nearly 18,000 corporate customers.

In December, a cyberattack hit Japan Airlines (JAL), causing the suspension of ticket sales for flights departing on Thursday.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Japan)