Browse Security News (202)

Nick Brady’s March 2026 digest for Microsoft Foundry (Azure AI Foundry) covers major GA releases like Foundry Agent Service, GPT-5.4 family models, evaluations with continuous monitoring into Azure Monitor, private networking, and SDK 2.0 updates across Python, JS/TS, Java, and .NET—plus guardrails and third-party runtime security integrations.

Dylan Birtolo announces that organization admins and security managers can now open a GitHub Copilot experience from Code Security and secret risk assessment results to get contextual explanations and guided next steps.

Rob Lefferts and David Weston outline what an “agentic SOC” could look like over the next decade, combining autonomous, policy-bound defenses with AI agents that assemble context and orchestrate investigations so humans can focus on judgment, governance, and risk-driven security outcomes.

Microsoft Incident Response (DART) analyzes Storm-2755 “payroll pirate” attacks targeting Canadian users, detailing how adversary-in-the-middle session hijacking bypasses MFA, what signals to hunt for in Entra and Defender, and practical remediation steps including token revocation, Conditional Access hardening, and inbox-rule cleanup.

The Microsoft Defender Security Research Team analyzes a severe Android intent-redirection flaw in the EngageSDK that could let a malicious app abuse another app’s identity to reach protected components and data, and explains what developers should update and review to avoid similar SDK-driven risks.

Microsoft Fabric Blog (with coauthor Arindam Chatterjee) summarizes Q1 2026 updates for Fabric Eventstreams, covering new connectors (DeltaFlow, MQTT v3, Anomaly Detection), tighter Spark Structured Streaming/Notebook integration, and enterprise networking and security features like private network ingestion and Key Vault-backed custom CA + mTLS.

Microsoft Fabric Blog announces a preview feature that lets you associate a user, service principal, or managed identity with Fabric items (currently Lakehouses and Eventstreams) so those items no longer depend on the original owner’s credentials.

Allison summarizes GitHub Secret Scanning updates that make security automation easier: a new REST API exclusion filter, richer webhook payloads (including user-facing URLs), clearer delegated-bypass emails, additional closure-request fields, and a fix for a delegated-closure resolution comment bug.

Allison announces GitHub’s free Code Security risk assessment for organization admins and security managers, summarizing vulnerabilities across repositories and pointing to remediation guidance, including where Copilot Autofix can suggest fixes.

Rachel Cohen shares a call for sessions for GitHub Universe (Oct 28–29) and highlights five memorable past talks—covering Git workflow tips, secure GitHub Actions patterns with Copilot, GitHub Advanced Security, Kubernetes security training themes, and Copilot Autofix-style AI-assisted remediation.

Allison announces an updated PGP keyring for GitHub CLI (gh) Linux package repositories, adding a replacement signing key and explaining who needs to rerun install steps before the current key expires on September 5, 2026.

Lily Ma explains how to connect an MCP server hosted on Azure Functions to Microsoft Foundry agents, focusing on setup steps and the trade-offs between key-based auth, Microsoft Entra ID (managed identity), OAuth identity passthrough, and unauthenticated access.

Lilian Kasem (she/her) introduces a new Fluent API for building MCP Apps with Azure Functions (.NET isolated worker), showing how to turn an MCP tool into a UI-capable app and configure views, permissions, and CSP security policies with a small amount of code.

Jeffrey Fritz walks through GitHub Copilot’s application modernization assessment report, showing how it drives planning and execution for migrating .NET or Java apps to Azure, including issue triage (cloud readiness, upgrades, security), target compute comparisons (App Service/AKS/Container Apps), and downstream IaC and deployment outputs.

Allison explains a GitHub Advanced Security update that uses Dynatrace runtime context to help teams prioritize code scanning and Dependabot alerts based on what’s actually deployed and the observed runtime risk in Kubernetes environments.

Allison announces a GitHub feature that lets you assign Dependabot alerts to AI coding agents (including GitHub Copilot) to analyze vulnerabilities and open draft pull requests with proposed fixes, with guidance on when it helps and why human review is still required.

Microsoft Threat Intelligence breaks down how the Forest Blizzard (STRONTIUM) actor compromises SOHO routers to hijack DNS and selectively perform TLS adversary-in-the-middle attacks, and provides concrete mitigations plus Microsoft Defender and Entra ID hunting guidance.

Allison announces a GitHub update that lets developers batch-apply code scanning alert fix suggestions directly in a pull request’s Files changed tab, reducing repeated scans and speeding up remediation and review.

Microsoft Fabric Blog announces a preview feature for Fabric Eventstream connectors that adds support for custom Certificate Authorities and mutual TLS, using Azure Key Vault to store and rotate certificates for Kafka-based streaming sources.

Allison announces that npm Trusted Publishing now supports CircleCI as an OIDC provider, enabling credentialless releases from CI/CD workflows, and notes that npmjs.com dark mode was built using GitHub Copilot agent mode.