Blog

Application security insights, research, and product updates from the Security Reviewer team.

SCA in 2026: AI-Aware SBOMs, Agentic Automation, Skilled Developers
Tags: SCA, SBOM, AI Security, AppSec

18 June 2026

Software Composition Analysis (SCA) is evolving rapidly. New regulations and AI-driven development demand a fresh approach to managing open-source risk. Effective SCA in 2026 requires AI-aware SBOMs, intelligent automati

Scaling Code Review: AI's Impact on Vulnerability Discovery & Triage
Tags: Code Review, AI Security, Vulnerability Management, DevSecOps

15 June 2026

AI-driven code review is fundamentally changing how security teams find and manage vulnerabilities. While models like Anthropic's Mythos are uncovering flaws at an unprecedented scale, this influx also strains traditiona

OWASP Top 10: Still Relevant, Now With AI Context
Tags: OWASP Top 10, Application Security, AI Security, Supply Chain Security

14 June 2026

Despite evolving threats, the OWASP Top 10 persists as a foundational application security guide. Recent incidents underscore its continued relevance, even as new AI-specific guidance emerges to contextualize its princip

OWASP Top 10 Guidance for Security Teams in 2026
Tags: OWASP Top 10, Application Security, Vulnerability Management, AI Security

14 June 2026

Recent incidents show the OWASP Top 10 is still a useful baseline. The practical shift is how teams apply it faster, with AI systems included.

CVE-2026-35273 in PeopleSoft: What SAST Taint Analysis Catches That Signatures Miss
Tags: cve-2026-35273, peoplesoft, zero-day, sast

13 June 2026

Oracle PeopleSoft's Java/JSP architecture was not designed with modern taint-aware security scanning in mind, and that gap is exactly what CVE-2026-35273 exploits. The vulnerability is actively…

AI-as-a-Service in the Underground: What SAST Teams Must Detect Now
Tags: threat-intel, ai-cybercrime, sast, taint-analysis

11 June 2026

Rapid7's 2026 threat research confirms what many security teams suspected: AI-as-a-Service has moved from proof-of-concept to operationalized criminal infrastructure. Underground marketplaces now…

Anthropic's Mythos: AI Finds 10,000 Zero-Days, Reshaping SAST
Tags: SAST, AI in Security, Vulnerability Management, DevSecOps

11 June 2026

Anthropic's Claude Mythos Preview identified over 10,000 high- or critical-severity vulnerabilities in its first month. This changes how we view SAST and AI's role in the vulnerability discovery pipeline. Mythos can gene

June Patch Tuesday: 206 Microsoft CVEs and the Case for Continuous Taint Analysis
Tags: patch-tuesday, sast, taint-analysis, microsoft

9 June 2026

June 2026 Patch Tuesday landed 206 Microsoft CVEs in a single cycle — a volume that makes reactive patching alone an insufficient security strategy. For CISOs and compliance teams measured on…

Mitigating the 18-Year-Old NGINX RCE Before Patching
Tags: NGINX, RCE, Vulnerability Management, Application Security

9 June 2026

A critical 18-year-old NGINX vulnerability (CVE-2026-42945) allows remote code execution. This flaw, present since 2008, affects all NGINX versions up to 1.30.0 and NGINX Plus R32-R36, making rapid response crucial. Acti

Modern SCA: Inventory, AI, and Business-Aligned Enforcement
Tags: SCA, SBOM, AppSec, Supply Chain Security

8 June 2026

Software Composition Analysis (SCA) is evolving. The most effective programs in 2026 will integrate comprehensive inventory, automated intelligence, and policy enforcement directly tied to business requirements.

SAST Taint Tracking Spots ActiveMQ and Gogs RCE Before Exploit
Tags: sast, taint-analysis, rce, activemq

5 June 2026

Two widely-deployed open-source components now have complete, end-to-end Metasploit exploits. Apache ActiveMQ's broker deserialization path and Gogs' git rebase handler each accept…

Node-gyp Worm: How SAST Taint Analysis Catches Self-Propagating npm Malware
Tags: supply-chain-attack, npm, node-gyp, SAST

4 June 2026

A new class of npm supply chain attack hides malicious payloads inside binding.gyp — the build configuration file node-gyp uses to compile native addons. Unlike typosquatted packages or hijacked…

OWASP Top 10 in 2026: What Real Incidents Reveal About Your Biggest Risks
Tags: OWASP Top 10, application security, vulnerability management, supply chain security

4 June 2026

From Exchange zero-days to poisoned npm packages, June 2026’s most damaging attacks align tightly with OWASP Top 10 categories. Here’s what security teams should prioritize—and why.

HazyBeacon: Lambda Function URLs Abused as C2 Infrastructure
Tags: aws-security, malware, lambda, taint-analysis

3 June 2026

False-Positive Triage: What Security Teams Can Learn from Medical AI Validation
Tags: false-positive triage, security alert fatigue, AI validation, SAST tuning

2 June 2026

Medical AI's struggle with false positives offers hard-won lessons for security teams drowning in noisy alerts. Here's what actually works.

Miasma Supply Chain Attack: When Red Hat npm Packages Become Attack Vectors
Tags: supply-chain, npm, sast, red-hat

1 June 2026

Traditional SAST tools scan first-party source code for known vulnerability patterns, then stop. That boundary is exactly where Miasma lives. The wiz-research-supplied threat intelligence on the…
