Cloud Security Alliance — Lab Space (Research Notes)
csa-labs · C · active
https://labs.cloudsecurityalliance.org/research/
Surfaced by W1 (2026-W21) — published a strong two-wave consolidated research note on the Shai-Hulud/Megalodon supply-chain cascade (CVE-2026-45321, SLSA BL3 invalidation analysis). Candidate — promote to active after 3 successful runs. | 2026-06-20 full audit (v2.62): live=Y, drill=Y. FETCH → webfetch https://labs.cloudsecurityalliance.org/research/ (listing) then webfetch per-research-note URL for body. AVOID: Nothing — WebFetch works on listing and notes. Content skews heavily to AI/LLM-security research; weight accordingly for a SOC audience.. | 2026-07-05 admiralty audit: C (down from HIGH) — automated re-reporting pipeline, not original research; notes duplicate primaries the pipeline already tracks. Keep active (live+drillable) but operator should weigh limited added value over the cited primaries.
Cited in 5 entries
Citation cadence
Citation days per ISO week (8 weeks of coverage span, total 2).
- Open WebUI's six broken-access-control CVEs are one recurring authorization-architecture defect, not six isolated bugs2026-07-10
- Forg365: a commercial Microsoft 365 phishing-as-a-service kit bundling device-code + AiTM phishing, in-panel AI lure drafting, and a browser extension for SSO-cookie persistence2026-07-10
- Technology / developer toolchain — CI/CD supply chain remains the week's highest-volume attack surface2026-05-18
- TeamPCP / Mini Shai-Hulud / Megalodon — the open-sourced supply-chain worm became commodity infrastructure this week2026-05-18
- Looking ahead — 2026-W212026-05-18