Browse Security News (276)

Taesoo Kim explains how Microsoft’s MDASH agentic scanning system moved from a benchmark win into real engineering workflows, feeding validated findings into Microsoft Defender, GitHub Advanced Security, and Azure DevOps. The post breaks down recent CVEs found across Windows and identity components, plus what pipeline changes improved results and what still fails.

Allison summarizes June 2026 improvements to GitHub secret scanning, including new detectors, expanded push protection defaults, added validity checks for more secret types, and richer metadata on detections to help teams prioritize remediation.

Rob Lefferts summarizes Microsoft’s positioning as a Leader in Forrester’s 2026 XDR Wave and explains the security platform themes Microsoft is emphasizing: cross-domain signal correlation, attack disruption, built-in threat intelligence, and SOC workflows powered by Microsoft Defender, Microsoft Sentinel, and Security Copilot.

Allison announces a new GitHub Copilot enterprise governance control that lets admins disable bypassing permission prompts (“yolo mode” / auto-approve) in Copilot clients. The update explains where to place the enterprise-managed settings file, how it’s applied to licensed users, and which VS Code versions respect the policy.

Sandeep Deo explains how AI is speeding up identity-based attacks and what Microsoft is changing across Entra and Defender to help teams prevent, detect, and respond faster. The post highlights unified identity risk scoring, improved Entra ID Protection views, least-privilege response roles, and agent-driven recommendations for Conditional Access.

Allison announces that GitHub Code Quality moves from public preview to general availability on July 20, 2026, including new org-level rollout and reporting features plus a new pricing model that combines per-committer licensing with metered AI usage and GitHub Actions minutes for CodeQL scans.

Allison announces an update to GitHub Code Quality that lets organization admins enable or disable Code Quality across all repositories with a single org-level toggle, making it easier to roll out consistent code quality checks at scale on supported GitHub plans.

Chris Welsch reports on İmeceMobil, an agriculture platform built on Microsoft Azure that helps Turkish farmers use AI-driven satellite imagery analysis, hyperlocal weather alerts, and expert guidance to improve crop decisions. The piece also highlights the Azure services and security tooling used to run the app at scale.

diptiborkar announces new Microsoft Fabric and Azure Databricks interoperability that lets teams use Microsoft OneLake as a shared, native storage layer, including GA read access and beta support for writing Unity Catalog managed tables. The post also frames OneLake as a governed data and context foundation for analytics and AI agent workloads.

Jeff Pinkston summarizes a year of real-world email security benchmarking data comparing Microsoft Defender with SEG and ICES vendors, highlighting where layered defenses help most and where Defender’s detection and remediation have improved over four quarters.

Allison announces GitHub Enterprise Server (GHES) 3.21 general availability, highlighting updates for enterprise admins including organization custom properties for targeting rulesets, GitHub Projects hierarchy view, a new REST API version with breaking changes, GitHub Actions workflow page performance improvements, secret scanning governance updates, and multi-disk storage configuration.

Allison announces an update to GitHub Actions where pull requests opened by github-actions[bot] can run CI/CD workflows after a user with write access approves them, reducing the risk of merging untested bot changes while keeping a security gate for workflows that can access sensitive data.

Natalie Guevara explains how GitHub improved secret scanning alert quality by adding LLM-based contextual verification, reducing false positives while keeping detection coverage. The post breaks down where verification fits in the pipeline, what “better context” means in practice, and the measured impact on customer-confirmed false positive alerts.

Allison announces that GitHub Agentic Workflows can now authenticate using GitHub Actions’ built-in GITHUB_TOKEN instead of a personal access token, reducing the risk of long-lived credentials and enabling organization-level billing for Copilot CLI usage in agentic workflows.

Laura Jiang announces Copilot Autofix in limited private preview for GitHub Advanced Security for Azure DevOps, which generates suggested fixes for supported CodeQL alerts and turns them into pull requests. The post explains what’s covered in preview, how the workflow fits into existing review gates, and how usage is billed via Azure.

analyticanna introduces Rayfin (Preview), an open-source SDK and CLI for turning content like markdown into shareable, hosted sites deployed as first-class items in Microsoft Fabric, with stable URLs, workspace-based access control, and data captured into a SQL database in Fabric for use across OneLake workloads.

Aaron Merrill announces a preview feature in Microsoft Fabric’s OneLake catalog that lets admins assign, edit, and remove workspace role memberships across multiple workspaces from the Secure tab, helping teams standardize access controls and reduce drift as Fabric estates scale.

Mehrnoosh Sameki, Sandeep Atluri, Minsoo Thigpen and Abby Palia introduce ASSERT, an open-source framework that turns natural-language behavior requirements into executable evaluation pipelines for AI models and agents, generating taxonomies, stratified test cases, traces, and scored results that teams can inspect and iterate on.

Allison announces incremental CodeQL analysis for Go and C/C++ pull request scans, plus incremental support in the CodeQL CLI, with measured speedups across thousands of repositories and details on when the feature is enabled by default.

Allison announces an experimental public preview feature in GitHub Copilot CLI: a /security-review command that reviews local code changes for common vulnerability classes and returns severity- and confidence-scored findings plus actionable fixes directly in the terminal.

.NET Team announces .NET 11 Preview 5 and highlights what’s new across the runtime, SDK, libraries, C#, ASP.NET Core, .NET MAUI, and Entity Framework Core, with links to detailed release notes and guidance on installing the preview SDK and tooling.

Rahul Bhandari and Tara Overfield recap the June 2026 servicing releases for .NET and .NET Framework, including the CVEs addressed in .NET 10.0.9, 9.0.17, and 8.0.28, plus links to release notes, installers, container images, Linux packages, and known issues.

The Microsoft Foundry Team announces Claude Fable 5 (Anthropic) is now available in Microsoft Foundry, and explains how it’s used to power autonomous agents in Foundry Agent Service and GitHub Copilot, with an emphasis on enterprise guardrails, governance controls, and token-based pricing.

Natalie Guevara explains how to define and run custom agents in GitHub Copilot CLI so repeated terminal tasks become consistent, reviewable workflows. The article shows how agent profiles live in your repo, and includes practical examples for security audits, IaC compliance checks, release notes drafting, and incident response.

Allison announces an update to GitHub code scanning that lets organizations keep security coverage on inactive repositories by running scheduled scans when there have been no pushes or pull requests for six months or more.

Allison announces that GitHub’s security validation for third-party coding agents is now generally available, bringing the same automated checks used for the GitHub Copilot cloud agent to agent-generated pull requests.

Jon Galloway recaps Microsoft Build 2026 with the main developer announcements across GitHub Copilot, Microsoft Foundry, Azure, Windows, Visual Studio, and .NET—highlighting agentic workflows, new tooling, governance specs, and a curated set of sessions and hubs to follow up on what shipped.

Allison announces general availability of IP allow list enforcement for GitHub Enterprise Cloud Enterprise Managed Users (EMUs), extending enterprise network access policies to repositories owned under EMU user namespaces and covering web, Git, and API access.

Natalie Guevara answers common beginner GitHub questions, including how to set up SSH keys, create personal access tokens (fine-grained and classic), resolve merge conflicts, undo commits, sync forks, and review pull requests—plus a quick look at using GitHub Copilot for code review in PRs.

Microsoft Threat Intelligence and the Microsoft Defender Security Research Team break down recent phishing and malvertising campaigns that abuse popular AI brands (including ChatGPT, Claude, DeepSeek, and Microsoft Copilot) as lures, and provide concrete mitigation steps using Microsoft Defender, Entra ID, and related security controls.

shiv_narayanan announces general availability of SharePoint and OneDrive Shortcuts in Microsoft Fabric OneLake, explaining how Fabric can reference Microsoft 365 files in place, optionally transform supported formats into Delta tables, and use Entra ID-based identities for production authentication and scale.

Allison summarizes what’s new in CodeQL 2.25.6 for GitHub code scanning, including Swift 6.3.2 support, full extractor and data flow coverage for C# 14 and .NET 10, and query improvements that expand sensitive-data detection and reduce false positives across multiple languages.

Microsoft Defender Security Research Team, Dor Edry and Amit Eliahu break down a prompt-injection pathway in Anthropic’s Claude Code GitHub Action that could leak CI/CD secrets by reading /proc/self/environ, and provide practical hardening guidance for AI-powered GitHub Actions workflows.

davidwright, Arnaud Lheureux, and Suzanne Daniels explain why architecture and governance frameworks only help when they actively change delivery decisions. Using Git-Ape as the example, they show how to turn Azure Well-Architected, Azure Policy (including NIST mappings), and CAF guidance into repeatable repo-driven assessments with prioritized findings tied to code and policy.

Microsoft AI Red Team updates its agentic AI failure-mode taxonomy based on a year of red team engagements, adding seven new categories and translating real-world attack patterns into practical mitigations teams can apply to deployed agentic systems.

WillT announces the general availability of Microsoft Fabric Operations agent, describing how it uses LLM-driven rule generation plus Real-Time Intelligence monitoring to detect issues, ask clarifying questions, and (with approval) run remediation actions like pipelines, notebooks, UDFs, and Power Automate workflows, with tracing and governance built in.

Allison announces the general availability of Enterprise Teams on GitHub Enterprise Cloud, explaining how enterprise admins can define teams once and reuse them across all organizations for consistent reviewer routing, ruleset bypass configuration, IdP-driven membership via SCIM, and API-based automation with auditing.

IgalAmster announces the general availability of Graph in Microsoft Fabric, a relationship-first graph capability that runs natively on OneLake. The post explains how explicit graph modeling and GQL queries support enterprise-scale reasoning for analytics, ontologies, and Fabric IQ scenarios, including security and impact analysis use cases.

Manoj Bableshwar introduces Foundry Managed Compute, a new Microsoft Foundry capability for deploying open-source and custom AI models on elastic GPU capacity with Foundry-managed runtimes, unified endpoints/SDKs, built-in routing for cache efficiency, and Azure-native governance, networking, and observability.

Linda Li and Maria Naggaga announce new preview capabilities in Azure AI Foundry for scaling production agents: Toolboxes features like Tool Search, Skills, Work IQ/Fabric IQ, Browser Automation, and managed MCP servers, plus Routines in Foundry Agent Service for trigger-based agent runs with governance via Guardrails.