Deep dive
Technical post-mortems and architecture walkthroughs from the Suriq engineering team.
FortiSandbox Under Attack: The Box That Catches Malware Is Now the Way In
Three critical FortiSandbox flaws are under active exploitation, two unauthenticated and one patched a week ago. Why a compromised malware sandbox blinds your
LiteSpeed's cPanel plugin gave shared-hosting tenants root twice in 2026. CageFS didn't help.
CVE-2026-54420 and CVE-2026-48172 let shared-hosting tenants reach root through the LiteSpeed cPanel plugin. Why CageFS isolation failed and what to patch now.
Why we built Suriq on Wazuh instead of writing our own detection engine
Suriq runs on Wazuh because a detection engine is a decade of decoders, CVE feeds, and agents you should never rebuild. Here is the reasoning behind the bet.
Ivanti Sentry's CVE-2026-10520: patch the gateway, then hunt for the breach
Ivanti Sentry CVE-2026-10520 is an unauthenticated root RCE under active attack. CISA's new 3-day patch rule applies; patched gateways were already breached.
PeopleSoft's PSEMHUB zero-day turns the patch service into the breach
CVE-2026-35273 sits in PeopleSoft's Updates Environment Management module. Mandiant ties active exploitation to ShinyHunters, with 100+ orgs already breached.
Velvet Ant's PAM-OpenSSH decade is an auth-stack blind spot, not a Linux bug
Sygnia found nine backdoored pam_unix.so variants and four trojanized OpenSSH binaries on one victim. Why auth-stack integrity is the SIEM-invisible gap.