Browse Security Blogs (21)

DevClass.com reports on how Microsoft Azure CTO Mark Russinovich used Anthropic’s Claude Opus 4.6 AI model to scan 1986 Apple II machine code, finding security vulnerabilities and raising important points about AI’s expanding role in legacy code security.

John Edward provides a comprehensive look at agentic AI in IT, showing how Microsoft Azure and related services create self-healing and intelligent operations through automation, monitoring, and AI-driven incident response.

John Edward outlines the core pitfalls of microservice architecture and offers actionable architectural patterns like API Gateway, Saga, and Circuit Breaker to help architects navigate complexity, deployment, and security concerns in distributed systems.

Thomas Maurer shares the public release of the Sovereign Cloud MicroHack, a Microsoft-led workshop focused on building practical skills in deploying and securing sovereign workloads on Azure and its hybrid services.

Rick Strahl explains how to simplify and automate code signing for Windows binaries using Azure Trusted Signing and the dotnet sign tool, sharing technical setup and scripting tips for secure development workflows.

Rick Strahl shares his experience with failures using the Microsoft timestamp server for code signing and recommends alternative, more reliable servers. The article provides practical advice and example code for secure code signing workflows.

DevClass.com summarizes Filippo Valsorda’s critique of GitHub Dependabot, highlighting the alert fatigue and security concerns faced by developers using automated dependency management tools.

In this workshop summary, DevClass.com reviews Martin Fowler’s event marking 25 years since the Agile Manifesto, highlighting the growing impact of AI on coding, the renewed importance of TDD, and security risks in software development.

John Edward details modern SharePoint architecture for scalable intranets in 2026, focusing on technical practices, security, integration, and governance for Microsoft 365 professionals.

Tim D'haeyer draws on both personal experience and technical depth to guide developers through safely handling special characters in user input, emphasizing SQL injection prevention and robust DevOps practices.

Tim Anderson outlines the Kubernetes committees' warnings and technical reasons for the urgent migration from Ingress NGINX, detailing project deprecation, security issues, and community response.

DevClass.com explores how attackers exploit VS Code's tasks.json files to deploy malicious code, emphasizing security risks, protections, and best practices for developers.

Tim Anderson highlights how attackers weaponize VS Code's tasks.json configuration to execute malicious code, detailing the risks for developers and the security implications.

John Edward presents a clear and practical walkthrough for IT administrators and technical leads on managing external sharing in Microsoft 365, with a strong emphasis on balancing collaboration and security.

Tim Anderson reports on Tenzai's research led by Ori David, highlighting how applications built with 'vibe coding' using AI agents like Claude and Codex tend to be insecure due to common flaws and overlooked best practices.

DevClass.com analyzes security flaws in applications generated by AI coding agents, as reported by researcher Ori David. The article highlights common vulnerabilities in 'vibe-coded' apps—where AI handles most programming—and discusses why manual code review remains critical.

Tim Anderson delivers a detailed analysis of Azure Artifact Signing, Microsoft's new service to streamline and secure code signing for Windows applications, addressing modern security requirements and developer workflows.

DevClass.com provides a technical overview of Microsoft's Azure Artifact Signing, detailing how it improves code signing for Windows apps. The article highlights new workflows, security enhancements, and developer-centric deployment options.

Steve Gordon explains how to use System.Text.Json's TypeInfoResolver modifier for property-level encryption in C#, outlining a practical approach to securing sensitive data that paves the way for future integration with Azure Key Vault.

Jesse Houwing addresses a visibility gap in GitHub Actions security when actions are pinned by SHA. The post details a workflow extension ensuring vulnerabilities are properly surfaced in the Dependency Graph and by Dependabot.