Blog


Next.js Middleware Authorization Bypass Exploit: CVE-2025-29927

Security
On March 21st, 2025, Next.js disclosed a 9.1 critical vulnerability (CVE) that would allow attackers to bypass middleware-based authorization checks. This issue was originally discovered and investigated by Rachid Allam (zhero) who authored a detailed research paper to outline the specifics.

Meet Miggo’s Director of Partnerships

Company
We’re excited to announce that Noa Gur Arieh has joined Miggo as our Director of Partnerships. Noa joins Miggo from McKinsey, where she led multiple strategy engagements for leading financial institutions in Israel, the UK, and Europe, as well as multiple NGO partnerships focused on improving economic productivity.

Miggo Uncovers Critical Auth Bypass in UK Government System | CVE-2025-25182

Research
Government Communications Headquarters (GCHQ), the UK's intelligence and security agency, has confirmed Miggo’s discovery of a 9.4 critical vulnerability, CVE-2025-25182, in its maintained project, Stroom. CVE-2025-25182 enables attackers to bypass authentication and authorization in any Stroom application.

Accelerating Threat Response with Miggo

Product
The number of application breaches continues to rise as organizations adopt more applications with growing business impact. In this increasingly complex reality, traditional tools fall short against AI-powered attacks that are faster and dynamically evolving, creating an expanding attack surface

How to Detect the MOVEit Breach with OpenTelemetry

Research
This blog will explore the story of the MOVEit breach, diving deep into the .NET Framework and wrangling with its obscurities, extending OpenTelemetry (OTel), and ultimately…a story of perseverance. Sort of.

Modern AppSec Requires a Modern Approach

Research
As organizations increasingly adopt microservices and serverless architectures, understanding and securing their environments becomes more complex. Teams need a way to connect the dots from when an application is launched to when it’s being attacked. A modern application observability technique called “tracing” is the key to surfacing these missing insights.

Top Application Detection and Response (ADR) Tools of 2025

Product
Application Detection and Response (ADR) solutions are changing the game of application security. They not only give teams long-needed visibility into applications but also enable proactive threat detection and response by focusing on application behavior deviations in real time and at runtime.

ADR: The Change AppSec Needs

Product
To better understand the need for ADR, it’s important to reflect on how applications have transformed. Just a few years ago, applications were developed by a single, tightly knit team, hosted either on-prem or in the cloud, and shielded by perimeter defenses like firewalls and WAFs.

Unmasking The Hidden Third Parties

Product
As autumn settles in and the nights grow longer, Spooky Season is a reminder to look beyond the visible and confront what's hidden. The real scares aren't from goblins or ghosts but from unseen integrations quietly embedded into your application infrastructure. This Halloween, it’s time to shine a light on the hidden entities accessing your data without you even knowing.

App-ocalypse Now

Product
Every security team has its horror stories. If you’re fortunate, you can learn from listening to these stories. If you’re really clever, you can use those stories to run your own tabletop exercises, learn from them, and hopefully avoid your own personal Apocalypse Now.

3 Game Changers for your Application Detection and Response (ADR) Strategy

Product
Application Security has become one of the fastest-growing, increasingly challenging security sectors within modern business. What was once almost an afterthought, a simple task of securing the software development process with some manual testing and patching, has evolved into a critical component of security postures in every type of organization and industry.

Unlocking the power of your Application Performance Monitoring (APM) with Miggo

Product
Today's multi-service and multi-cloud applications have long evaded real-time visibility due to their complexity and distribution. Miggo is changing that with deep, real-time visibility into what takes place between your multiservice components. By enhancing the value of the data already collected from your observability tools, we’re offering comprehensive detection capabilities to support a robust response to application security flaws.