Weekly Security Roundup: AI Threats, Azure Hardening, DevSecOps

by TechHub

This week’s security resources focus on current AI-enabled threats, organizational safeguards, and workflow improvements for developers and IT teams. Articles address criminal infrastructure disruption, Azure platform upgrades, security process automation, CI/CD management, secret handling, code safety, and secured connectivity—all with practical steps for moving to a more resilient defensive posture.

Criminal VDS Infrastructure and Cybercrime Disruption

Microsoft’s newest threat report describes how the RedVDS service provided cloud-based, anonymous VMs for criminal operations, including email fraud, phishing, and scams. Attackers used tools like Copilot and ChatGPT for local phishing, supported by features like mass mailers and scripting. The report advises administrators to secure M365 tenants, enforce Defender XDR, use multi-factor authentication, and apply DMARC, with linked resources for tracking indicators. Microsoft and law enforcement have taken down the RedVDS infrastructure and related payment services, disrupting active fraud campaigns. The guidance includes practical steps for detection and ongoing defense. This update continues last week's focus on M365 targeting and email security, with Defender and authentication controls top priorities.

Secure Default Hostnames and Log Immutability in Azure

Azure Functions and Logic Apps now have Secure Unique Default Hostnames (GA), giving randomized hostnames by region and reducing DNS exposure. Teams should update infrastructure scripts and templates for secure out-of-the-box deployment. Microsoft Fabric defaults to immutable diagnostic logging for OneLake, using WORM features in Blob Storage to meet audit and regulatory needs. Setup and admin procedures are included, but there are cost tradeoffs and some deletion risk remains; overall, this helps enforce compliance in regulated sectors. These changes build on previous improvements in governance, moving from sensitivity labels to secure, regulated audit trails.

Security Automation and Developer Workflows in Open Source

The new open source GitHub Security Lab Taskflow Agent framework launches this week, providing an agent-based toolkit for vulnerability research and code auditing. It integrates with CodeQL, runs modular YAML “taskflows,” and works in Codespaces, Docker, or local Python. Developers can extend or contribute workflows for bug variant analysis and reproducible testing. The push toward agent-driven automation matches this week’s stories on AI and Copilot, showing real-world solutions for open source security and vulnerability discovery.

Secret Scanning and Platform Rule Management for GitHub

From February 2026, GitHub secret scanning will provide extra metadata about detected credentials in eligible repositories, making it easier to address and fix exposures. GitHub’s infrastructure team also reviews platform-wide defense systems, including emergency rate limits and automated rule expiration, for ongoing hygiene and platform safety. This continues recent updates to GitHub’s security and workflow automation, supporting easier incident response and continuous improvement.

AI Coding Agents and Application Security

A technical review finds that AI coding agents sometimes introduce security vulnerabilities such as weak authentication, faulty validation, or dangerous functions. The article recommends thorough code review by developers, regardless of agent use, and a focus on workflow discipline. This finding connects to the theme of agentic AI providing support, but not replacing, expert oversight in secure development.

Secure Power Platform to Azure PaaS Connectivity with Zero Trust

A new guide walks through setting up zero trust connections from Power Platform to Azure PaaS. It uses VNet injection, firewalls, private endpoints, and peering along with RBAC and managed identity (no secrets). The design includes high availability, user-controlled keys, and automated setup with CLI and PowerShell, with code repositories provided. This contributes to ongoing best practices for integration and layered defense in Azure environments.

Code Signing and Property-Level Encryption for Developers

Azure Artifact Signing (AAS) reaches general availability, improving code signing for Windows apps using renewable certificates and simple integration in CI/CD pipelines. The feature isn’t regional or macOS-ready but helps with compliance and key management. For .NET 8, a walkthrough explains encrypting object properties (like OAuth tokens) on serialization with custom attributes and System.Text.Json’s TypeInfoResolver, with Azure Key Vault integration in development. This level of field-specific data protection supports compliance and privacy rules. Both topics follow last week’s advances in serialization and privacy-focused developer features.

Other Security News

A guide for Microsoft 365 admins covers external sharing controls across SharePoint, OneDrive, Teams, and Entra ID. Topics include settings management, MFA, conditional access, Access Reviews, auditing, and user education for safer collaboration. These play a role in reducing risk for email and document sharing as discussed previously.