Microsoft Build 2026: Securing code, agents, and models across the development lifecycle
Today, developers and security teams are caught in growing tension. AI is accelerating development and introducing new issues around insecure code, opaque...
Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability
Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0.xxx, .NET 9.0.xxx and .NET 10.0.xxx. This advisory also provides guidance on what developers c...
Symlink Attack
Overview: Microsoft.Build.Tasks.Core is a package that contains the Microsoft.Build.Tasks assembly, which implements the commonly used tasks of MSBuild. Affected versions of this package are vulnerable to Symlink Attack via improper handling of symbolic links before file access. An attacker can gai...
EUVD-2025-14511
Malicious code in bioql PyPI...
CBL Mariner 2.0 Security Update: golang (CVE-2025-25199)
The version of golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-25199 advisory. - go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to comm...
External Control Of File Name Or Path
Microsoft.Build.Tasks.Core is vulnerable to External Control of File Name or Path. The vulnerability is due to improper validation of input, which allows an authorized attacker to manipulate file paths over a network...
External Control of File Name or Path
Overview: Microsoft.Build.Tasks.Core is a package that contains the Microsoft.Build.Tasks assembly, which implements the commonly used tasks of MSBuild. Affected versions of this package are vulnerable to External Control of File Name or Path due to the external control of file name or path. An...
14 secure coding tips: Learn from the experts at Microsoft Build
Hey friends! If you are a developer, you know that writing clean and efficient code is just the starting point. Now, with AI playing a bigger role, secure coding isn't just a 'nice-to-have'—it's a must. Whether you're building web apps, working on cloud services, or adding AI to your projects,...
SUSE CVE-2025-25199
go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to cng.TLS1PRF don't release the key handle, producing a small memory leak every time. Commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41...
CVE-2025-25199
CVE-2025-25199 concerns the go-crypto-winnative Go crypto backend for Windows (CNG). Root cause: prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to cng.TLS1PRF did not release the key handle, causing a small memory leak per use. The fix is included in the Microsoft Go builds of ve...
CVE-2025-25199 BCryptGenerateSymmetricKey memory leak
go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to cng.TLS1PRF don't release the key handle, producing a small memory leak every time. Commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41...
Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries
Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets,...
Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security
At Microsoft Build 2023—an event for developers by developers—we’re going to announce exciting new features and technologies, share ideas, and help everyone boost their skills so we can all build a more secure future together. This year’s Microsoft Build offers a full program, both online and...
This Week in Spring - May 23rd, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 23rd and, famously, nothing major has happened in the last week OH WAIT WE RELEASED SPRING BOOT 3.1! Have you checked it out yet? It's dope. I did a Spring Tips installment looking at some of its features here that y...
Windows 10 to retire in four years (or 52 Patch Tuesdays, in sysadmin years)
Microsoft will terminate support for Windows 10 Home and Pro on 14 October 2025, a decade after the original Windows 10 was brought to market. Although some may claim that a Microsoft document has been "quietly edited" over the weekend to reflect this "sudden change", this reveal isn't new. In fac...
Hackers Using Microsoft Build Engine to Deliver Malware Filelessly
Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems. The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding th...