X25519 Key Agreement Lands In-Box in .NET 11 Preview 5
.NET 11 Preview 5 adds a first-class X25519DiffieHellman type to System.Security.Cryptography, so you can do Curve25519 key exchange without BouncyCastle or NSec.
Tag: security
7 posts
Claude Code's Security-Guidance Plugin Reviews Its Own Diffs Before You Commit
Anthropic shipped a free security-guidance plugin for Claude Code that scans the agent's own edits for vulnerabilities in three layers, from a no-cost pattern match to an agentic review on commit.
NuGet Package Pruning Is On by Default in .NET 10
NuGet Package Pruning shipped on-by-default for net10.0 projects, cutting transitive vulnerability reports by 70% and restore times by up to 50%.
Agent Governance Toolkit puts a YAML policy in front of every MCP tool call from .NET
Microsoft's new Microsoft.AgentGovernance package wraps MCP tool calls with a policy kernel, a security scanner, and a response sanitizer. Here is what each piece does and how the wiring looks in C#.
Aspire 13.2.4 Patches CVE-2026-40894: Baggage Header DoS in OpenTelemetry .NET
Aspire 13.2.4 ships an OpenTelemetry bump for CVE-2026-40894, a Gen0 allocation amplification in baggage, B3, and Jaeger propagator parsing. Update OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators to 1.15.3 even if you are not on Aspire.
.NET 10.0.7 Ships Out-of-Band to Fix CVE-2026-40372 in ASP.NET Core Data Protection
A HMAC validation flaw in Microsoft.AspNetCore.DataProtection 10.0.0 through 10.0.6 lets attackers forge ciphertexts. .NET 10.0.7 is the mandatory fix.
.NET 10 Post-Quantum Cryptography: ML-KEM, ML-DSA, and SLH-DSA
.NET 10 adds native support for post-quantum cryptography algorithms ML-KEM, ML-DSA, and SLH-DSA, preparing your applications for a quantum-resistant future.