Browse Security News (140)

Allison provides an in-depth overview of the GitHub Enterprise Server 3.20 release candidate, breaking down new security, DevOps, and collaboration features for enterprise development teams.

Allison details the CodeQL 2.24.2 release, highlighting expanded language support, security query updates for Microsoft technologies, and improved detection accuracy for DevOps and security teams.

Microsoft Defender Experts and the Security Research Team provide an in-depth report on a developer-targeted campaign using malicious Next.js repositories that exploit common coding workflows. The analysis details how attackers achieve remote code execution and persistent C2, with actionable security guidance.

stclarke details Microsoft's new Sovereign Cloud capabilities, highlighting how Azure Local, Foundry Local, and Microsoft 365 Local enable secure, governed, and AI-powered operations in fully disconnected, sovereign environments.

stclarke reports on Microsoft’s announcement of new Sovereign Cloud capabilities, enabling organizations to host productivity and AI workloads in fully disconnected, locally controlled environments.

Andrew Conway examines how security teams can leverage Microsoft Defender’s autonomous defenses and expert-led services to modernize SOCs, leveraging AI and expert input for improved cyber resilience.

Allison highlights how GitHub Enterprise Cloud's IP allow list now extends to Enterprise Managed User namespaces, providing unified network access control for organizations.

Adi Shua Zucker presents a maturity-based guide from Microsoft for developing proactive defense strategies using Microsoft Security Exposure Management, offering practical steps and insights for security professionals.

The Microsoft Defender Security Research Team examines the unique security risks of self-hosted agents like OpenClaw, detailing how identity, isolation, and runtime controls are critical for safe deployment.

Samantha Kubota presents Microsoft's new research on how AI impacts public trust in digital media, examining authentication methods and strategies for combating deepfakes and manipulated content.

Allison details improvements to GitHub secret scanning that add extended metadata checks, providing richer context on exposed secrets and supporting more effective remediation for development and security teams.

Allison presents new npm CLI features for secure trusted publishing and improved script security, with practical steps for maintainers and developers.

Steve Lee shares the 2026 investment plans for the PowerShell, OpenSSH, and DSC teams, highlighting upcoming improvements in security, coding productivity, Entra ID integration, and automation.

Gregg Cochran explores how the GitHub Secure Open Source Fund empowered maintainers of 67 crucial AI stack projects to boost software supply chain security—a pivotal effort for global open source safety.

Allison reports on new enterprise-wide credential management features in GitHub Enterprise Cloud, allowing owners to respond swiftly to major security incidents by revoking or blocking credentials and delegating these tasks to trusted admins.

Rob Lefferts presents research from Microsoft and Omdia, revealing how fragmented tools and manual processes are undermining SOC efficiency and security outcomes, and highlights the role of unified platforms and AI-driven automation in modernizing security operations.

Mark Russinovich and Molina Sharma walk through how to design, measure, and operationalize reliability, resiliency, and recoverability on Azure, drawing from Microsoft’s proven frameworks and practical service examples.

stclarke highlights how Shriram Finance, in partnership with Microsoft, uses Azure cloud, Defender for Cloud, Sentinel, and embedded AI to transform digital financial services and deliver scalable, trusted customer experiences across India.

Microsoft Fabric Blog, coauthored by Abhishek Narain, details the general availability of Key-Pair authentication for Snowflake connections—outlining secure setup in Fabric, REST API options, and benefits for enterprise compliance.

stclarke summarizes the Trusted Tech Alliance launch, showcasing Microsoft's and other tech leaders' commitments to principles like transparency, security, and trustworthy global technology solutions.