Weekly Security Roundup: Vulnerabilities, Identity, and AI Guardrails
Security news this week focused on high-profile vulnerabilities, identity defense, and practical, developer-centric solutions for securing the modern stack.
Critical Vulnerabilities and Sophisticated Threats
Microsoft uncovered macOS ‘Sploitlight’ (CVE-2025-31199), a serious TCC bypass that lets Spotlight plugins sidestep privacy controls and expose user data. Their analysis underscores the need to patch promptly and to monitor for plugin abuse. Concurrently, the Russian group Secret Blizzard was found targeting diplomats with advanced adversary-in-the-middle (AiTM) attacks and root certificate hijacking; mitigations include stronger MFA, tighter control of admin rights, and vigilant certificate monitoring.
- Spotlight-based macOS TCC Vulnerability CVE-2025-31199: Analysis by Microsoft Threat Intelligence
- Russian Threat Actor Secret Blizzard's AiTM Campaign Targets Diplomats with ApolloShadow Malware
Identity Threat Detection and Endpoint Management
Microsoft’s new Identity Threat Detection and Response platform merges identity management with security operations, enabling unified detection and response across hybrid environments and simplifying administrator workflows. Comprehensive walkthroughs for onboarding Defender for Endpoint cover health-, registry-, and log-based monitoring for robust device security.
- Modernize Your Identity Defense with Microsoft Identity Threat Detection and Response
- Determine Onboarding Methods in Defender for Endpoint - Part 1
Securing the AI Lifecycle and Agent-Based Systems
AI adoption demands robust governance and compliance. Practical guidance now covers full-team, policy-driven approaches for AI agents in tightly regulated environments, including data loss prevention, monitoring, and secure API surfacing. Microsoft, partners, and the community provide actionable MCP server hardening tips (OAuth 2.1, prompt injection defense) and VS Code integration for secure agent development.
- Mastering Agent Governance in Microsoft 365
- MCP In Production: Building Secure and Agent-Ready Model Context Protocol Servers
- MCP Security Best Practices
Developer Security Hygiene and Tooling
Security checks on AI models pulled from online repositories are increasingly critical; practical sessions at Build 2025 emphasize using trusted model registries, automated scanning, and Microsoft’s Secure Future Initiative for pipeline hygiene. A Suricata and ELK session showcases real-time threat detection, and the new AspNetCore.SecurityKey package simplifies extensible API key authentication for ASP.NET Core.
- Do you security check AI models you pull from online repos?: Developer Security Quick Fire Questions
- Open Source Friday with Suricata - Real-Time Threat Detection
- AspNetCore.SecurityKey: API Key Authentication for ASP.NET Core Applications
Streamlined Audit Logging and Compliance
Fabric Warehouse now features a visual audit log configuration UI, moving compliance tasks away from code to a simple, unified administrative pane, which reduces risk and makes regulatory requirements easier to satisfy.