Weekly Security Roundup: Supply Chain, AI Threats, and Identity
Security updates this week highlight new threat trends, code analysis improvements, and cloud identity features. Tools and case studies cover automated detection, zero trust architectures, and practical vulnerability management.
Supply Chain Attacks and Secure Development Environments
An in-depth investigation details new supply chain attacks using malicious Next.js repositories that abuse build automation and workspace trust, including script injection, environment variable extraction, and persistent command and control in developer environments. The response plan recommends hardening IDEs, monitoring asset changes, and following the outlined KQL queries for detection, extending last week’s focus on threat response for open-source workflows.
Code Analysis and Vulnerability Management
CodeQL 2.24.2 introduces support for Go 1.26, Kotlin 2.3.10, and upgrades security scanning, including improved antiforgery checks for Python, Java, and C#. Dependabot alert fatigue is discussed, with recommendations for more context-aware, actionable vulnerability alerts and the use of alternative tools for critical-path security checks.
- CodeQL 2.24.2: Go 1.26, Kotlin 2.3.10 Support and Query Accuracy Improvements
- Critique of GitHub Dependabot: Alert Fatigue and Security Shortcomings
Securing AI-Driven Workflows and Zero Trust Architectures
Guides detail threat modeling for AI applications, including non-deterministic behavior, prompt controls, and human-in-the-loop review. Secure cloud demos use Entra ID, Key Vault, and least privilege to control agent tools and access, building toward auditable zero trust AI workflows.
- Threat Modeling AI Applications: Adapting Security Practices for Modern AI Systems
- Zero-Trust Security for Autonomous AI Agents in Azure AI Foundry
Cloud Identity, Storage, and Access Governance
Azure Storage now previews SAS delegation bound to Entra ID users to enforce fine-grained access and traceability. Entra ID Access Packages simplify onboarding/offboarding, enable just-in-time grants, and improve compliance workflows.
- Public Preview: Restrict Usage of User Delegation SAS to an Entra ID Identity
- Simplifying Access Governance with Microsoft Entra ID Access Packages
Security Automation, AI-Assisted Operations, and Data Governance
Security operations centers (SOCs) are embracing automation with Defender XDR and agent-based models, supporting expert-led and hybrid workflows for alerting and policy across Copilot, ChatGPT, and Gemini. Demos show automated incident management and data security policy enforcement.
- Scaling Security Operations with Microsoft Defender Autonomous Defense and Expert-Led Services
- Securing AI Adoption with Microsoft's Data Security Posture Management (DSPM) for AI
- Security Copilot in Action: From Alert to Remediation in 25 Minutes
Other Security News
GitHub Enterprise Cloud adds IP allow list controls for Enterprise Managed User namespaces, unifying access policies and network controls across organization boundaries.
- IP Allow List Now Supports Enterprise Managed User Namespaces in GitHub Enterprise Cloud
Guidance on Windows code signing flags issues with Microsoft’s timestamp server, recommending alternative providers for reliable builds.
- Don't use the Microsoft Timestamp Server for Signing