Weekly Security Roundup: Secret Scanning, Passkeys, and Mobile Signing
Updates cover enhanced secret scanning, secure authentication strategies, and cybersecurity best practices.
This Week's Overview
- GitHub Secret Scanning and Automated Analysis Enhancements
- Secure Authentication Strategies in Cloud and Mobile
- Other Security News
GitHub Secret Scanning and Automated Analysis Enhancements
GitHub expanded secret scanning with new detection patterns for Azure, Databricks, Discord, and other platforms. Additions include EC and PKCS#8 key support and notifications for gists. Discord bot token alerts and AWS key validation add metadata to alerts for better incident response. CodeQL 2.23.6 adds Swift, Rust, and C# detection, as well as queries for insecure cookies.
- GitHub Secret Scanning Updates and New Patterns — November 2025
- CodeQL 2.23.6 Update: New C# Security Queries and Language Enhancements
Secure Authentication Strategies in Cloud and Mobile
Guides now cover device-bound passkeys in Microsoft Entra ID for policy-driven identity and strong authentication. Device-Bound Request Signing (DBRS) for mobile apps is outlined, with recommendations for crypto, security modeling, and cross-platform deployments.
- Entra Synced Passkeys and Passkey Profiles
- Securing Sensitive Mobile Operations with Device-Bound Request Signing
Other Security News
Enterprise cybersecurity priorities for 2025 include asset discovery, network segmentation, endpoint hardening, phishing-resistant MFA, and comprehensive use of Microsoft identity and DNS/SMTP protections. Guidance also covers layered defense and cooperative response readiness.