Blog

Application security insights, research, and product updates from the Security Reviewer team.

SAST Taint Tracking Spots ActiveMQ and Gogs RCE Before Exploit
Tags: sast, taint-analysis, rce, activemq

5 June 2026

Two widely-deployed open-source components now have complete, end-to-end Metasploit exploits. Apache ActiveMQ's broker deserialization path and Gogs' git rebase handler each accept…

Node-gyp Worm: How SAST Taint Analysis Catches Self-Propagating npm Malware
Tags: supply-chain-attack, npm, node-gyp, SAST

4 June 2026

A new class of npm supply chain attack hides malicious payloads inside binding.gyp — the build configuration file node-gyp uses to compile native addons. Unlike typosquatted packages or hijacked…

OWASP Top 10 in 2026: What Real Incidents Reveal About Your Biggest Risks
Tags: OWASP Top 10, application security, vulnerability management, supply chain security

4 June 2026

From Exchange zero-days to poisoned npm packages, June 2026’s most damaging attacks align tightly with OWASP Top 10 categories. Here’s what security teams should prioritize—and why.

False-Positive Triage: What Security Teams Can Learn from Medical AI Validation
Tags: false-positive triage, security alert fatigue, AI validation, SAST tuning

2 June 2026

Medical AI's struggle with false positives offers hard-won lessons for security teams drowning in noisy alerts. Here's what actually works.

HazyBeacon: Lambda Function URLs Abused as C2 Infrastructure
Tags: aws-security, malware, lambda, taint-analysis

3 June 2026

Miasma Supply Chain Attack: When Red Hat npm Packages Become Attack Vectors
Tags: supply-chain, npm, sast, red-hat

1 June 2026

Traditional SAST tools scan first-party source code for known vulnerability patterns, then stop. That boundary is exactly where Miasma lives. The wiz-research-supplied threat intelligence on the…


Topics

SAST, DAST, MAST, Supply Chain / SCA, Vulnerability Research, Speed & Performance, OWASP, DevSecOps