wiz.io
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-12.
XSS 12
Supply Chain 7
RCE 6
SSRF 4
API Sec 2
AuthZ 2
Secrets 2
AI 1
AuthN 1
Bug Bounty 1
GraphQL 1
OSINT 1
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-05-12 | 7 AI Security Tools to Prepare You for Every Attack Phase [AI] | Library for hardening machine learning models against adversarial threats, the Adversarial Robustness Toolbox (ART) offers Python modules for assessing, defending, and verifying security. It supports 39 attack and 29 defense modules across major ML frameworks like TensorFlow and PyTorch, handling various data modalities. ART provides robustness metrics for objective resilience reporting, best suited for ML researchers and security engineers focused on adversarial attack simulation and model hardening during development. |
| 2026-05-06 | Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-Wild [RCE] | Writeup of CVE-2026-0300, a critical buffer overflow in Palo Alto Networks PAN-OS, allowing unauthenticated attackers remote code execution with root privileges. The vulnerability targets the User-ID Authentication Portal service, particularly when exposed to untrusted networks or the public internet. Exploitation risk is high for instances accessible externally via ports 6081 or 6082. Immediate patching, access restriction, or disabling the portal are recommended mitigation steps. |
| 2026-04-29 | Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware [Secrets, Supply Chain] | Library for detecting the "Mini Shai Hulud" supply chain attack, which compromises SAP npm packages like `@cap-js/sqlite` and `@cap-js/postgres` using malicious preinstall scripts. The malware harvests developer and CI/CD secrets from GitHub, npm, and cloud providers (AWS, Azure, GCP) via multi-stage payloads, exfiltrating data through attacker-controlled GitHub repositories using the GraphQL API. It also attempts to poison GitHub repositories and steal browser credentials, with attribution to TeamPCP based on shared RSA keys and code similarities. |
| 2026-04-28 | GitHub RCE Vulnerability: CVE-2026-3854 Breakdown [RCE] | Tool for analyzing CVE-2026-3854, a critical RCE vulnerability in GitHub's internal git infrastructure. This flaw, exploitable via a single git push from an authenticated user, allowed arbitrary command execution on GitHub.com's backend servers, potentially exposing millions of repositories. On GitHub Enterprise Server, it granted full server compromise. The analysis details the X-Stat header injection flaw and the exploitation chain involving `rails_env`, `custom_hooks_dir`, and `repo_pre_receive_hooks` fields to bypass sandboxing and achieve remote code execution. |
| 2026-04-22 | GitHub Actions Security Pt 1: Attacks & Defenses (Wiz) [Supply Chain] | Library detailing GitHub Actions security, addressing common misconfigurations and outlining defensive strategies. It explains the threat model, covering risks like Pull Request pwnage and script injection, exemplified by attacks such as the Trivy supply chain compromise exploiting `pull_request_target` and `workflow_run` triggers. The entry emphasizes understanding the trust boundary between repository owners and external actors to prevent code execution with elevated permissions. |
| 2026-04-16 | SSRF Vulnerability on Major Gaming Company (Wiz Bug Bounty) [SSRF] | Writeup detailing a real-world SSRF vulnerability discovered at a major gaming company. The challenge involves exploiting a content service that fetches resources from provided URLs to access internal cloud infrastructure and sensitive credentials. Attackers aim to trick the server into making unintended requests, thereby reaching hidden internal resources and extracting a flag. |
| 2026-04-16 | React2Shell Deep Dive: CVE-2025-55182 Exploit Mechanics [RCE] | Library detailing CVE-2025-55182, dubbed "React2Shell," a critical RCE vulnerability in React Server Components. This library breaks down the exploit mechanics, including improper input deserialization and gadget chains, and analyzes in-the-wild attacks observed by Wiz. These attacks range from opportunistic cryptomining and credential harvesting to sophisticated cloud backdoors leveraging Node.js for fileless persistence and Sliver implants for long-term access. The vulnerability has broader implications beyond Next.js, affecting frameworks like Waku and Vite with RSC plugins. |
| 2026-04-11 | npm Supply Chain Attack: debug, chalk, and Beyond [Supply Chain] | Library for detecting and mitigating widespread npm supply chain attacks, specifically detailing the debug/chalk incident. This resource unpacks how malicious versions of popular packages, including debug and chalk, were distributed and bundled into frontend applications. The attack hijacks browser network and wallet APIs to silently rewrite cryptocurrency recipients and approvals, diverting transactions to attacker-controlled wallets. It highlights the rapid propagation through CI/CD pipelines and the scope beyond initial reports, emphasizing the need for ongoing vigilance and registry updates. |
| 2026-04-11 | s1ngularity: Nx supply chain attack leaks secrets [Supply Chain] | Writeup of the s1ngularity Nx supply chain attack, detailing how malicious Nx build system npm packages led to the exfiltration of sensitive developer assets like cryptocurrency wallets, GitHub tokens, and SSH keys. The attack leveraged AI CLI tools for reconnaissance and initially exfiltrated data to attacker-controlled GitHub repositories, which were later disabled by GitHub. A subsequent phase involved using leaked GitHub tokens to publicly expose over 5500 private repositories. The compromise was attributed to a flawed GitHub Actions workflow using `pull_request_target` with unsanitized pull request titles, granting arbitrary command execution and elevated permissions. |
| 2026-04-11 | tj-actions/changed-files supply chain attack [Supply Chain] | Library update detailing a supply chain attack on the tj-actions/changed-files GitHub Action, leading to CVE-2025-30066. The compromise involved a malicious payload that leaked secrets from affected repositories into workflow logs, including AWS access keys, GitHub PATs, and private RSA keys. Mitigation steps include stopping usage of the affected action, rotating leaked secrets, pinning actions to commit hashes, and utilizing GitHub's allow-listing features. The attack vector likely involved compromising a GitHub personal access token. |
| 2026-04-11 | Shai-Hulud 2.0: 25K+ Repos Exposed [Supply Chain] | Shai-Hulud 2.0: 25K+ Repos Exposed |
| 2026-04-11 | What is Open Policy Agent (OPA)? [AuthZ] | Library for managing cloud-native policies, Open Policy Agent (OPA) offers a unified, context-aware approach by decoupling policy enforcement from application code. It uses the Rego policy language for expressive, declarative rules, enabling security and compliance through policy-as-code, consistency across Kubernetes, microservices, and CI/CD pipelines, and efficient updates via a centralized policy library. |
| 2026-04-11 | Kubernetes RBAC Best Practices [AuthZ] | Reference detailing Kubernetes RBAC best practices, emphasizing the importance of the principle of least privilege (PoLP) and regular permission reviews. It highlights the risks of misconfigured RBAC, citing the "RBAC Buster" attack, and recommends tools like Open Policy Agent (OPA) for automating policies and Wiz for auditing. The entry also covers using namespaces for scope limitation, auditing RBAC events, securing sensitive operations, and integrating with external identity providers. |
| 2026-04-11 | CVE-2025-47275: Auth0-PHP SDK Critical [AuthN] | Library for detecting authentication bypass vulnerabilities within the Auth0-PHP SDK, specifically addressing CVE-2025-47275. This critical flaw allows attackers to circumvent authentication mechanisms. |
| 2026-04-10 | OWASP API Security Top 10 Risks [API Sec] | Reference detailing the OWASP API Security Top 10 Risks, updated in 2023 to reflect evolving threats. This includes risks like Broken Object Level Authorization (BOLA), Broken Authentication, Broken Object Property Level Authorization (BOPLA), Unrestricted Resource Consumption, Broken Function Level Authorization (BFLA), Unrestricted Access to Sensitive Business Flows, Server-Side Request Forgery (SSRF), and Security Misconfiguration. The document offers mitigation strategies for these vulnerabilities, citing examples like Uber and Trello breaches. |
| 2026-04-10 | 9 Top OSINT Tools & How to Evaluate Them [OSINT] | Library for OSINT that streamlines threat intelligence gathering by processing publicly available information from various sources. It aids in identifying exposed assets, leaked credentials, and risky domains, offering features like multilingual analysis, dark web monitoring via DarkSearch.io, and metadata extraction from documents with FOCA. Tools like BuiltWith help map attack surfaces, while Intelligence X and Babel X focus on discovering sensitive data and threat actor activity across deep and dark web platforms. |
| 2026-04-10 | GraphQL API Security Risks Every Developer Should Know [GraphQL] | Library for GraphQL API security, focusing on mitigating risks like excessive query complexity, data over-exposure, injection attacks (SQL, command, prompt), Insecure Direct Object Reference (IDOR), denial-of-service (DoS) via query amplification and complexity bombs, schema introspection misuse, and Cross-Site Request Forgery (CSRF) on mutation operations. It recommends best practices such as field-level authorization, query whitelisting, depth limits, and query cost analysis to protect against these vulnerabilities. |
| 2026-04-10 | Critical Redis RCE Vulnerability: CVE-2025-49844 [RCE] | Writeup on CVE-2025-49844, dubbed #RediShell, detailing a critical Use-After-Free (UAF) vulnerability in Redis. This flaw allows authenticated attackers to execute arbitrary native code on the Redis host by escaping the Lua sandbox with a crafted Lua script. Given Redis's prevalence in cloud environments, this vulnerability poses a significant risk, potentially leading to data exfiltration, lateral movement, and system compromise. The writeup also highlights affected forks like Valkey and managed services such as Amazon ElastiCache, Google Cloud Memorystore, and Azure Cache for Redis. |
| 2026-04-10 | Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild [RCE] | Writeup detailing the exploitation of Ivanti EPMM by CVE-2025-4427 and CVE-2025-4428, a chain enabling unauthenticated RCE. The attack bypasses authentication via misconfigured Spring Security and leverages Java Expression Language injection for code execution. Observed in-the-wild activity includes Sliver beacon C2 communication, MySQL database dumping, deployment of JSP web shells, and direct reverse shells. Affected versions include 11.12.0.4 and prior, 12.3.0.1 and prior, 12.4.0.1 and prior, and 12.5.0.0 and prior. |
| 2026-04-10 | Gogs Zero-Day RCE (CVE-2025-8110) Actively Exploited [RCE] | Writeup detailing CVE-2025-8110, an actively exploited RCE in Gogs, a self-hosted Git service. This vulnerability is a symlink bypass of a previous RCE (CVE-2024-55947), allowing authenticated users to overwrite files outside the repository via the PutContents API. The exploit chain involves committing a symlink and then using the API to overwrite sensitive files like `.git/config`. Wiz Research discovered this zero-day during an investigation, finding over 700 compromised public-facing instances. A fix is available in Gogs version v0.13.4. |
| 2026-04-06 | Secure Code Scanning: Basics & Best Practices [Secrets] | Library for secure code scanning, a practice vital for identifying and resolving security flaws, code smells, and data privacy risks across first-party code, third-party libraries, and container images. It leverages techniques like flow-based analysis and pattern matching to detect vulnerabilities such as SQL injection and RCE, citing real-world examples like the MOVEit Transfer and Ollama (CVE-2024-37032) incidents. The library aids in preventing costly data breaches by integrating security into the SDLC and offers Software Composition Analysis (SCA) to manage dependencies and licenses. |
| 2026-04-03 | API management: Fundamentals for cloud security teams [API Sec] | Library for API management, a crucial component of cloud security, offering standardized authentication and policy enforcement via edge gateways. It enhances API security by combining agentless cloud scanning with API discovery, mapping APIs to cloud resources and data sensitivity. This approach reduces incident response times, minimizes audit findings, and enables zero trust architectures by addressing vulnerabilities like broken object-level authorization, broken authentication, and shadow APIs. Key capabilities include gateway traffic management, centralized authentication/authorization, and comprehensive monitoring and observability. |
| 2026-04-03 | Axios NPM Distribution Compromised in Supply Chain Attack [Supply Chain] | Analysis of the Axios npm supply chain attack details how a compromised maintainer account led to malicious versions (v1.14.1, v0.30.4) being published, introducing a dependency on the trojanized `plain-crypto-js` package. This compromise, tracked as GHSA-fw8c-xr5c-95f9 and MAL-2026-2306, involved a dropper executing platform-specific RATs from `sfrclak.com:8000`. Security teams should audit axios usage, rotate exposed credentials, investigate compromise paths, and monitor for suspicious activity. |
| 2026-03-01 | Server-Side Request Forgery: What It Is & How To Fix It \| Wiz [SSRF] | Library detailing Server-Side Request Forgery (SSRF) vulnerabilities, explaining how attackers trick servers into making requests to internal resources like cloud metadata services and sensitive systems. It highlights SSRF's inclusion in the OWASP Top 10 and CWE Top 25, with examples like the Capital One breach. The library emphasizes prevention through strict input validation, egress controls, API security best practices, and continuous API inventory management, referencing tools like SSRFire and ZAP for detection. |
| 2026-01-22 | Bug Bounty Masterclass \| Wiz [Bug Bounty] | Masterclass on bug bounty hunting methodology, drawing from actual successful submissions. It showcases high-value findings like airline data dumps, domain registrar exposure, and admin panel compromises, alongside vulnerabilities such as SSRF and authentication bypasses on major companies. The program aims to guide beginners through a consistent learning path to achieving significant payouts. |
| 2026-01-01 | CVE-2025-23469 Impact Exploitability and Mitigation Steps [XSS] | The content discusses the CVE-2025-23469 vulnerability, focusing on its impact, exploitability, and mitigation steps. It provides insights into the potential consequences of the vulnerability, the likelihood of it being exploited, and steps that can be taken to mitigate the risks associated with it. The link provided directs to further details on the vulnerability in the Wiz vulnerability database. |
| 2025-11-10 | CVE-2025-31029 Impact Exploitability and Mitigation Steps [XSS] | Writeup detailing CVE-2025-31029, an impact, exploitability, and mitigation analysis. This community-led vulnerability database entry provides insights into a critical cloud security issue, enabling users to evaluate their practices across nine security domains and identify defensive gaps. |
| 2025-11-10 | CVE-2024-13992 Impact Exploitability and Mitigation Steps [XSS] | Writeup of CVE-2024-13992, detailing its impact, exploitability, and mitigation steps. This analysis focuses on a cloud vulnerability, offering insights relevant to assessing and strengthening cloud security practices. |
| 2025-11-10 | CVE-2013-10074 Impact Exploitability and Mitigation Steps [XSS] | Reference for CVE-2013-10074, detailing its impact, exploitability, and mitigation steps. This vulnerability, documented within the Wiz Cloud Vulnerability Database, highlights potential gaps in cloud security practices. The database aims to provide a community-led resource for understanding and addressing cloud-based threats, offering insights beyond basic security domain assessments. |
| 2025-11-10 | CVE-2024-13993 Impact Exploitability and Mitigation Steps [XSS] | Library for identifying and mitigating CVE-2024-13993, a cloud vulnerability. This resource offers detailed analysis, exploitability insights, and practical mitigation steps to safeguard cloud environments against this specific threat. It enables users to assess their security practices and identify defensive gaps. |
| 2025-11-10 | CVE-2018-25119 Impact Exploitability and Mitigation Steps [XSS] | Analysis of CVE-2018-25119 details its impact, exploitability, and mitigation steps for cloud security. The Wiz vulnerability database offers free assessments to evaluate cloud security practices across nine domains, identifying defense gaps and benchmarking risk levels, aiming to provide full visibility into cloud workloads. |
| 2025-11-10 | CVE-2021-47689 Impact Exploitability and Mitigation Steps [XSS] | Library for understanding CVE-2021-47689, detailing its impact, exploitability, and mitigation steps. This resource focuses on this specific cloud vulnerability, offering insights into how it can be leveraged and how to defend against it. It aims to empower users with the knowledge to assess and address security gaps within their cloud environments. |
| 2025-11-10 | CVE-2025-62076 Impact Exploitability and Mitigation Steps [XSS] | Library for researching CVE-2025-62076, detailing its impact, exploitability, and mitigation steps. The entry offers a free vulnerability assessment across nine security domains to benchmark cloud security practices and identify defense gaps. Wiz.io provides this community-led database entry, highlighting its utility for understanding and addressing cloud security vulnerabilities. |
| 2025-11-10 | CVE-2025-62030 Impact Exploitability and Mitigation Steps [XSS] | Reference detailing CVE-2025-62030, outlining its impact and exploitability. This entry provides mitigation steps and is part of a community-led vulnerabilities database, offering free assessment across nine security domains to benchmark risk and identify defense gaps. |
| 2025-11-10 | CVE-2025-59556 Impact Exploitability and Mitigation Steps [XSS] | Analysis of CVE-2025-59556 details its impact and exploitability within cloud environments. This entry also provides actionable mitigation steps to secure against this specific vulnerability, allowing organizations to assess and improve their cloud security practices across multiple domains and identify potential defense gaps. |
| 2025-11-10 | CVE-2025-62036 Impact Exploitability and Mitigation Steps [XSS] | Library for discovering and mitigating CVE-2025-62036 in cloud environments. This resource details the impact and exploitability of the vulnerability, offering practical mitigation steps to secure cloud workloads. It emphasizes achieving full visibility and identifying critical security gaps within cloud infrastructure. |
| 2025-11-06 | CVE-2025-31366 Impact Exploitability and Mitigation Steps [XSS] | Library for evaluating cloud security practices, this resource details CVE-2025-31366. It assesses risk levels across nine security domains, identifies defense gaps, and offers a free vulnerability assessment. The database aims to provide full visibility to cloud workloads and validate critical findings. |
| 2025-09-26 | IMDS Abused: Hunting Rare Behaviors to Uncover Exploits [SSRF] | Library for detecting and mitigating abuse of cloud Instance Metadata Services (IMDS). It details how threat actors exploit IMDS for credential theft and lateral movement, focusing on techniques like Server-Side Request Forgery (SSRF) against IMDSv1 and misconfigured workloads. The library highlights a data-driven approach to anomaly hunting, identifying rare IMDS access patterns, filtering by sensitive metadata paths, and contextualizing compute environments. This methodology led to the discovery of CVE-2025-51591, a zero-day SSRF vulnerability in pandoc, exploited to access sensitive IAM credentials. |
| 2025-09-15 | Server-Side Request Forgery: What It Is & How To Fix It [SSRF] | Library for detecting and preventing Server-Side Request Forgery (SSRF), a critical vulnerability where attackers trick servers into accessing internal resources. It covers how SSRF exploits cloud metadata services, internal APIs, and sensitive systems, and recommends strict input validation, egress controls, and API security best practices, referencing techniques seen in the Capital One breach and tools like SSRFire and ZAP. |