Posts tagged with "Security"

A deep dive into Microsoft Entra Agent ID, the control plane for AI agent identity in 2026. Covers identity blueprints, attended and unattended authentication, tool-level RBAC, conditional access, OBO flows across multi-agent systems, and the audit logging that satisfies DORA, NIS2, and AI Act obligations.

A practical pattern for rotating Azure secrets with zero downtime using Managed Identity, Key Vault rotation policies, and versioned references — including the common mistakes that cause rotation-induced outages.

A practical engineering checklist for NIS2 compliance in Sweden — the ten risk-management measures, the 24-hour and 72-hour incident reporting timelines, supply-chain controls, and what board accountability looks like on the ground.

A step-by-step migration playbook for rolling out passkeys in a B2B SaaS — from opt-in enrollment and conditional mediation, through account recovery and device attestation, to the failure modes that still catch teams out.

What Next.js Server Actions actually protect against out of the box, what they do not, and the security patterns — auth, rate limiting, input validation, file-upload hardening — every production app should layer on top.

A review of the npm supply-chain incidents that defined 2025 — typosquats, self-replicating worms, and dist-tag hijacks — plus the concrete hardening steps every Next.js team should have in place before 2026.

Critical security vulnerabilities in Next.js 13-16 App Router: CVE-2025-55184 enables DoS attacks, CVE-2025-55183 exposes Server Action source code. Learn which versions are affected and how to upgrade immediately.

A critical CVSS 10.0 remote code execution vulnerability affects React 19 Server Components. Learn which versions are affected and exactly how to patch your Next.js, React Router, and other RSC applications immediately.