Browse Security News (229)

McKenna Barlow explains that starting in .NET 11 Preview 4 and Visual Studio 18.8, VSTest will stop shipping a transitive Newtonsoft.Json dependency, switching to System.Text.Json (and JSONite on .NET Framework). The post outlines who might break, what errors to expect, and the typical one-line fix.
Jack Batzner shows how to add a governance layer to MCP-based AI agents in .NET using the Agent Governance Toolkit, including policy-driven tool-call authorization, security scanning of tool definitions, response sanitization to reduce prompt-injection risk, and built-in audit/telemetry via OpenTelemetry.
Sergey Menshykh announces A2A Protocol v1.0 support in Microsoft Agent Framework for .NET, showing how to discover and call remote A2A agents, stream responses, and host your own agents as A2A endpoints in ASP.NET Core with updated v1 hosting APIs and migration notes from v0.3.
Alexis Wales explains how GitHub validated, fixed, and investigated a critical remote code execution issue in the git push pipeline, including what caused the injection, how GitHub confirmed no exploitation on github.com, and what GitHub Enterprise Server admins should patch and review.

Simplifying AWS defense with Microsoft Sentinel UEBA

Microsoft Defender Security Research Team explains how Microsoft Sentinel UEBA enriches AWS CloudTrail logs with simple true/false behavioral signals and built-in anomalies, helping detection engineers write simpler KQL, reduce false positives, and triage suspicious AWS activity faster.

An update on GitHub availability

Vlad Fedorov shares what GitHub is changing after two recent availability incidents, including scaling work driven by rapid growth in pull requests and API usage, plus concrete reliability efforts like service isolation, caching improvements, and continued migration to Azure and a future multi-cloud posture.
stclarke announces that Azure Local can now scale to thousands of servers in a single sovereign environment, aimed at regulated and mission-critical workloads. The post highlights disconnected operations, local policy/RBAC/auditing controls, and hardware options (validated compute/storage, GPUs) for running data-intensive workloads within a sovereign boundary.
Allison announces an upcoming change to GitHub App installation token format, including Actions-issued GITHUB_TOKEN. The update moves to a longer, stateless JWT-based token and calls out common breakpoints like hardcoded token-length checks, regex validation, and too-small database columns.
Josef Sin explains what the Axios npm supply chain compromise means for Azure Pipelines users, who is and isn’t impacted, and what to do if your CI/CD runs may have installed the malicious versions—covering agent types, service connections, cache cleanup, and practical mitigation steps.
Naomi Moneypenny announces GPT-5.5 general availability in Microsoft Foundry and explains what’s new (agentic coding, long-context reasoning, token efficiency) plus how Foundry Agent Service helps run hosted agents with isolation, Entra identity, and governance for production use.
Allison announces an improvement to GitHub’s supply chain security tooling: Python dependency graphs can now be generated via a new Dependabot job that submits dependency snapshots to the Dependency Submission API, producing more complete transitive dependency trees and SBOMs across pip, uv, and Poetry projects.
Eduard van Valkenburg explains how CodeAct support in Microsoft Agent Framework uses Hyperlight micro-VM sandboxes to collapse multi-step tool-calling plans into a single execute_code turn, reducing latency and token usage, and outlines when this approach is (and isn’t) a good fit.
Microsoft Fabric Blog announces a preview feature for OneLake: resource instance rules, which let Fabric workspace admins allow inbound access from specific Azure resource identities (ARM IDs) instead of relying on IP allowlists, while still working alongside Private Link and IP firewall rules.
Microsoft Fabric Blog announces general availability of cross-workspace logging for MLflow in Microsoft Fabric, enabling teams to promote experiments and registered models across Dev/Test/Prod workspaces using standard MLflow APIs, with support for enterprise network controls like Outbound Access Protection and managed private endpoints.

Introducing Toolboxes in Foundry

Linda Li, Maria Naggaga, and Ronak Chokshi introduce Toolboxes in Azure AI Foundry (public preview), a way to centrally curate and govern tool integrations and expose them via a single MCP-compatible endpoint so different agent runtimes can reuse the same tools without per-agent wiring.
Takuto Higuchi and jeffhollan outline an end-to-end path for building production AI agents with Microsoft Agent Framework v1.0 and Azure AI Foundry: local dev in VS Code, multi-agent composition, managed memory, tool access, hosted runtime, and observability (tracing, evaluations, red teaming) through to publishing in Teams/Microsoft 365.
Takuto Higuchi, Jeff Hollan, and Lakshmi Ramakrishnan announce Hosted Agents in Foundry Agent Service (public preview), a production-oriented runtime for AI agents with per-session VM isolation, persistent filesystem state across scale-to-zero, integrated identity (OBO), VNet egress control, and built-in observability.
Jack Batzner explains why MCP needs a governance layer between tool discovery and execution, then introduces Microsoft’s open-source Agent Governance Toolkit (AGT) for deterministic per-call policy checks, response inspection, identity, and audit logging to reduce agentic risks like tool poisoning and prompt injection.
Ales Holecek explains how Microsoft is adapting security practices for AI-accelerated threats, including AI-led vulnerability discovery in SDL, faster Defender detections tied to updates, and exposure-reduction guidance via Microsoft Security Exposure Management (Secure Now), plus work with Anthropic models evaluated using CTI-REALM.
Abhishek Narain announces the general availability of workspace outbound access protection (OAP) for Microsoft Fabric Data Factory workloads, explaining how workspace admins can restrict outbound connections to trusted endpoints to improve security, prevent data exfiltration, and support compliance needs.
