GitHub
2025-12-18
GitHub is offering more GitHub Enterprise customers a self-serve trial of GitHub Advanced Security so they can evaluate GitHub Code Security and GitHub Secret Protection.
Microsoft Security Blog
Microsoft published an e-book arguing that replacing isolated point solutions with a unified, AI-ready security platform delivers greater speed, operational resilience, and measurable security gains. The blog post announces the e-book and invites readers to explore the guidance.
2025-12-16
Dependabot now supports security alerts and automatic dependency updates for the uv ecosystem. When vulnerabilities are found in uv dependencies, Dependabot can open security alerts and create pull requests to update to secure versions.
Azure Updates
Azure NetApp Files advanced ransomware protection (ANF ARP) is now in Public Preview. ANF ARP is designed to help organizations proactively detect, respond to, and recover from ransomware threats on Azure NetApp Files cloud volumes by monitoring volumes.
GitHub updated the security overview dashboard to provide more accurate metrics for CodeQL alerts fixed using Copilot autofixes by refining how autofix usage is calculated, improving visibility into adoption and effectiveness without changing the fixes themselves.
GitHub has made code scanning alert assignees generally available. Teams can now assign individual code scanning alerts to specific people to create clear ownership and improve tracking and remediation of security vulnerabilities.
2025-12-15
Microsoft was named an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense, announced on the Microsoft Security Blog.
2025-12-10
Microsoft emphasizes that insights from Cybersecurity Awareness Month and Microsoft Ignite 2025 show security remains a top business priority. The article calls for moving from awareness to concrete action by building a security-first culture suited to the risks and opportunities of agentic (autonomous) AI, combining leadership commitment, policy and governance, workforce training, and technical controls.
2025-12-09
On 2025-12-09 GitHub completed the deprecation of npm classic tokens by revoking them and moving to session-based authentication. At the same time GitHub released CLI token management features so developers can manage authentication tokens from the command line. This change is part of a security hardening effort and requires affected users and automation to re-authenticate and adopt the new session-based flows or updated tokens.
Azure Application Gateway V2 SKUs are now generally available with a FIPS 140-2 compliant mode, allowing customers to use FIPS-validated cryptographic modules to help meet US government and regulatory cryptography requirements.
.NET
2025-12-08
The article announces networking improvements in .NET 10, highlighting updates across HTTP, WebSockets, security, and related areas to enhance performance, reliability, and the developer experience.
Microsoft announced a new collaboration with Beazley naming them an incident response partner to strengthen cyber resilience by aligning with ecosystem partners and improving security for customers.