Weekly Security Roundup: Secret Scanning, Passkeys, and Mobile Signing
Updates cover enhanced secret scanning, secure authentication strategies, and cybersecurity best practices.
GitHub Secret Scanning and Automated Analysis Enhancements
GitHub expanded secret scanning with new detection patterns for Azure, Databricks, Discord, and other platforms. Additions include support for EC and PKCS#8 keys and notifications for gists. Discord bot token alerts and AWS key validation add metadata for better incident response. CodeQL 2.23.6 updates add Swift, Rust, and C# detection, as well as queries for insecure cookies.
- GitHub Secret Scanning Updates and New Patterns — November 2025
- CodeQL 2.23.6 Update: New C# Security Queries and Language Enhancements
Secure Authentication Strategies in Cloud and Mobile
Guides now cover device-bound passkeys in Microsoft Entra ID for policy-driven identity and strong authentication. Device-Bound Request Signing (DBRS) for mobile apps is also outlined, with recommendations on cryptography, security modeling, and cross-platform deployments.
- Entra Synced Passkeys and Passkey Profiles
- Securing Sensitive Mobile Operations with Device-Bound Request Signing
Other Security News
Enterprise cybersecurity priorities for 2025 include asset discovery, network segmentation, endpoint hardening, phishing-resistant MFA, and comprehensive use of Microsoft identity and DNS/SMTP protections. Guidance also covers layered defense and cooperative response readiness.