Explains how to link privileged accounts to user identities in Microsoft Defender for Identity to improve security visibility and incident response.
.NET 10 introduces built-in Post-Quantum Cryptography (PQC) APIs, enabling developers to adopt quantum-resistant algorithms for future security.
Anthropic invests $1.5 million in the Python Software Foundation to support Python ecosystem security and core development.
Anthropic invests $1.5 million in the Python Software Foundation to support Python ecosystem security and core development.
.NET 10 on macOS now automatically uses TLS 1.3 for HTTPS connections, improving security and performance without code changes.
A guide to using Microsoft Entra Access Reviews for governance and regular auditing of user and guest access permissions.
A developer recounts debugging a PostgreSQL container stability issue that turned out to be a hidden security vulnerability, sharing lessons learned.
A developer's 2025 review: transitioning to a DevRel role at Pomerium, diving into security and AI agents via MCP, and giving numerous tech conference talks.
Author details how Substack's content filter blocked a newsletter containing a SQL injection exploit example, citing a 'Network error'.
Microsoft adds a new 'Microsoft 365 Support Engineer' role to Entra, but warns it's not for general use and is likely for internal or partner support.
Explores a novel, anonymous web login system using secret keys instead of email or social logins, highlighting its trade-offs.
A developer details a frustrating bug in GitHub's 2FA system that prevents removing SMS authentication without adding an authenticator app first.
A guide on protecting API keys and secrets from malware by avoiding environment variables and using a password manager with CLI integration.
Explores the 'Normalization of Deviance' concept in AI safety, warning against complacency with LLM vulnerabilities like prompt injection.
Analysis of Microsoft's Secure Future Initiative report, emphasizing trust as a core architectural dimension and the risks of timing debt in hybrid infrastructure.
Analyzes the pros and cons of renaming the built-in SQL Server 'sa' account as a security measure against brute-force attacks.
Explains why traditional ESAE security for Tier 0 assets is outdated and details a modern approach using Azure Arc with dedicated subscriptions and tightened controls.
Fixing YouTube embed error 153 by adjusting Django's Referrer-Policy header from same-origin to strict-origin-when-cross-origin.
Microsoft Intune's Multi Admin Approval feature now secures critical device actions like wipe, retire, and delete, requiring a second admin's approval.
A summary of key developments in Go's cryptography ecosystem over the past year, including post-quantum key exchanges and security improvements.
