Blog

In this article, we share insights from BSides SF 2025 on how profiling and tracing enhance AppSec by adding context, clarity, and speed to triage.

In this article, we share how we built the Miggo ADR Platform to solve key challenges and set a new standard for runtime application security.

We're excited to announce Miggo’s Dangling DNS Detector, the automated way to detect DNS entries and prevent takeovers.

Miggo’s Application Attack Path Engine Enables Security Teams with Better Context to Power Active Runtime Defense

Keeping track of security-related documentation changes within an AWS document isn’t always obvious, or easy to do. However, teams must stay informed to ensure they’re maintaining their organization’s security standards. While AWS provides robust logging capabilities, certain security-relevant alterations can go unnoticed. That’s why we’re excited to introduce our AWS Security Docs Change Engine, a single place for teams to stay in the loop on any and all documentation changes.

On March 21st, 2025, Next.js disclosed a 9.1 critical vulnerability (CVE) that would allow attackers to bypass middleware-based authorization checks. This issue was originally discovered and investigated by Rachid Allam (zhero) who authored a detailed research paper to outline the specifics.

We’re excited to announce that Noa Gur Arieh has joined Miggo as our Director of Partnerships. Noa joins Miggo from McKinsey, where she led multiple strategy engagements for leading financial institutions in Israel, the UK, and Europe, as well as multiple NGO partnerships focused on improving the economic productivity.

Government Communications Headquarters (GCHQ), the UK's intelligence and security agency, has confirmed Miggo’s discovery of a 9.4 critical vulnerability, CVE-2025-25182, in its maintained project, Stroom. CVE-2025-25182 enables attackers to bypass authentication and authorization in any Stroom application.

The number of application breaches continues to rise as organizations adopt more applications with growing business impact. In this increasingly complex reality, traditional tools fall short against AI-powered attacks that are faster and dynamically evolving, creating an expanding attack surface

This blog will explore the story of the MOVEit breach, diving deep into the .NET Framework and wrangling with its obscurities, extending OpenTelemetry (OTel), and ultimately…a story of perseverance. Sort of.

As organizations increasingly adopt microservices and serverless architectures, understanding and securing their environments becomes more complex. Teams need a way to connect the dots from when an application is launched to when it’s being attacked. A modern application observability technique called “tracing” is the key to surfacing these missing insights.

Application Detection and Response (ADR) solutions are changing the game of application security. They not only give teams long needed visibility into applications but enable proactive threat detection and response by focusing on application behavior deviations in real time and at runtime.