appsec.fyi · Sources

wiz.io

235 curated AppSec resources from wiz.io across 17 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-26.

Date Added | Resource | Topics | Excerpt
2026-06-26 | Wiz at Google Next: Machine-Speed Defense for Any Cloud, Any Platform, Any AI | AI | Announcement of AI-driven capabilities added to the Wiz cloud security platform at Google Cloud Next. The additions extend coverage across the AI lifecycle, from AI-generated code to AI and agent studios and out to the cloud edge, with the stated goal of machine-speed defense across any cloud, platform, and AI environment.
2026-06-26 | Red Agent and Claude Opus: Securing Production Targets at Scale | AI | Joint Wiz and Anthropic announcement: enterprise-grade, continuous AI-powered risk assessment delivered to hundreds of customers through Red Agent running on Claude Opus.
2026-06-25 | Choosing an AI-SPM tool: The four questions every security organization needs to ask | AI | Guidance for selecting an AI Security Posture Management (AI-SPM) tool, framed as four questions security teams should ask: which AI services and technologies are in use; what risks they carry (data leakage, as in the 38 TB exposed by Microsoft AI researchers, or model poisoning); how to prioritize those risks by context (for example a root-enabled notebook instance holding sensitive training data); and how to detect misuse in AI pipelines in near real time. The approach rests on an AI Bill of Materials (AI-BOM) for visibility and on extending attack path analysis to AI.
2026-06-25 | The top 10 AI security articles you must read in 2024 | AI | Survey of AI security articles covering divergence attacks that extract ChatGPT training data, adversarial machine learning, and jailbreaking LLMs with universal suffix attacks. It also covers the OWASP Top 10 for LLM Applications (including Prompt Injection and Training Data Poisoning), Llama Guard for input/output safeguarding, Semgrep and TruffleHog for analyzing ML research code, Cross Plugin Request Forgery in ChatGPT plugins, and Fuzzomatic for AI-assisted fuzzing of Rust projects, plus the security implications of Biden's AI Executive Order and malicious LLM variants such as WormGPT.
2026-06-25 | Wiz extends its AI-SPM offering to OpenAI platform | AI | Product update extending Wiz AI-SPM to the OpenAI platform through a new SaaS connector, so organizations can detect and mitigate risks in their OpenAI environments, including sensitive data in training datasets and misconfigurations. OpenAI risks are correlated with cloud context on the Wiz Security Graph, with attack path analysis covering paths from cloud infrastructure to AI models and back, and visibility into AI-BOMs, users, and training data.
2026-06-25 | Wiz Research presents its latest report: “State of AI in the Cloud 2024” | AI | Report on the state of AI in cloud environments, covering usage of generative AI and machine learning services. Over 70% of organizations use managed AI services, with Azure OpenAI leading adoption and growing fastest. Most organizations are still experimenting; only 10% are heavy users, which the report attributes in part to cost and quotas. It recommends building visibility into AI usage and a culture of security ownership to manage the evolving attack surface.
2026-06-25 | Claude Enterprise Meets the Security Graph: Wiz Integrates with Anthropic's Compliance API | AI | Integration note: security and compliance teams can monitor Claude activity directly in Wiz, extending the workflows they already rely on to AI.
2026-06-25 | Defending at Machine-Speed: Building AI Threat Readiness with Wiz | AI | Post on operationalizing AI threat readiness around speed and visibility. Wiz ASM reduces the attack surface by detecting exploitable risk, the AI-powered Red Agent autonomously discovers logic-driven vulnerabilities at machine speed, and the Green Agent automates remediation using code-to-cloud mapping and ownership context. Wiz Workflows scale response, while Wiz guardrails and WizOS add prevention controls across the SDLC, including context-aware AI-SAST for deep code analysis and integration with external AI scanners such as Gemini and Mythos.
2026-06-25 | AI Threat Readiness Pillar 4: Detect and contain threats in real-time | AI | Post on real-time threat detection and containment for AI-accelerated attacks and an expanded attack surface. It calls for telemetry across the cloud control plane, AI workloads, and model input/output to give full-context visibility, and uses AI for automated investigation and containment playbooks, addressing prompt injection, supply chain risk, and abuse of cloud-native AI services such as Amazon Bedrock and Azure AI.
2026-06-25 | How AI Is Rewriting the SecOps Playbook | AI | Post on how AI changes SecOps, arguing for a shift from reactive to proactive security. Its premise is that incident response at AI speed requires pre-existing, continuously updated context about workloads and their interactions across the model, workload, and cloud layers; with that context, disparate signals can be correlated and behavior judged against intended functionality, giving defenders the advantage.
2026-06-24 | Wiz launches support for Google Cloud excessive access findings based on audit logs | AuthZ | Product update adding Google Cloud excessive access findings derived from audit logs, giving visibility into over-provisioned permissions and inactive users and service accounts. This supports least-privilege enforcement and privilege escalation prevention even for customers without IAM Recommender enabled or on lower Security Command Center pricing tiers, and surfaces identity risks that form attack paths, such as publicly exposed compute instances with excessive privileges.
2026-06-24 | Biden's AI Executive Order: What it says, and what it means for security teams | AI | Analysis of Executive Order 14110 and its practical implications for security teams. Key directives include NIST standards for red-team testing, a priority on privacy-preserving techniques, and equitable AI use in the workforce; healthcare is required to run safety programs and develop AI responsibly; and fairness requirements apply to criminal justice uses such as risk assessments and predictive policing.
2026-06-23 | Secure non-human identities with Wiz’s newest CIEM dashboard | AuthZ, Secrets | CIEM dashboard for securing non-human identities, addressing exposed, privileged, or vulnerable service accounts, which 42% of organizations exhibit. It gives visibility into machine identities, detects risky service accounts, visualizes activity by country, and prioritizes risks, using attack path analysis to surface lateral movement and data access paths across multi-cloud environments without requiring deep expertise in each platform.
2026-06-23 | Wiz Enhances AI-SPM Support for Amazon Bedrock | AI | Product update extending AI-SPM to Amazon Bedrock with AI-BOM visibility into custom models and fine-tuning jobs, showing the model, its training data, and who can access it. It ships configuration rules that assess Bedrock setup and flag misconfigurations such as missing customer-managed encryption keys, and extends attack path analysis to Bedrock by correlating vulnerabilities, misconfigurations, identities, data, and secrets to prioritize the AI risks that matter.
2026-06-23 | Leaky Vessels: runC and BuildKit container escape vulnerabilities - everything you need to know | RCE, Supply Chain | Writeup of "Leaky Vessels," container escape vulnerabilities in runC (CVE-2024-21626) and BuildKit (CVE-2024-23651, CVE-2024-23652, CVE-2024-23653). The runC flaw gives a container host filesystem access through a leaked file descriptor, a significant risk for Kubernetes and build pipelines. The BuildKit issues involve a race condition and abuse of mount features that allow host file modification or deletion, plus elevated container privileges when the security.insecure entitlement is in use. The analysis lists affected Linux distributions and cloud providers and advises immediate patching.
2026-06-23 | Critical Vulnerabilities in Ivanti Exploited in-the-Wild: everything you need to know | RCE | Reference for CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893, critical vulnerabilities in Ivanti Connect Secure and Policy Secure covering authentication bypass, command injection, privilege escalation, and SSRF, with exploitation observed in the wild. It covers urgent patching, mitigations, and detection for affected Ivanti products.
2026-06-23 | New EKS Access Management and Pod Identity features: a security analysis | AuthZ | Analysis of EKS Access Management and Pod Identity and how they interact with existing security controls. Access entries and access policies govern cloud-to-cluster access, and the eks-pod-identity-agent handles cluster-to-cloud access; both simplify identity management but complicate permission auditing. In the API_AND_CONFIG_MAP authentication mode the effective permissions of a principal are the union of the rules from EKS access entries and from the aws-auth ConfigMap, so both must be read when calculating them, alongside protecting identity tokens against lateral movement.
2026-06-23 | Wiz AI-SPM extends support to Microsoft Azure OpenAI Service models | AI | Product update extending Wiz AI-SPM to Microsoft Azure OpenAI Service models, giving visibility into AI pipelines and risks within Azure AI Services, including misconfiguration rules, toxic combination detection, and attack path analysis for lateral movement. It provides an agentless inventory of Azure AI services and technologies and maps them on the Wiz Security Graph for end-to-end pipeline visibility.
2026-06-23 | Midnight Blizzard attack on Microsoft corporate environment: a detailed analysis, detections and recommendations | Bug Bounty | Analysis of the Midnight Blizzard (APT29) intrusion into Microsoft's corporate environment, with detections and recommendations. Initial access came from password spraying a legacy, non-production test tenant account that lacked MFA. The attackers then abused OAuth applications, in particular the Directory.ReadWrite.All, RoleManagement.ReadWrite.Directory, Application.ReadWrite.All, and AppRoleAssignment.ReadWrite.All Microsoft Graph permissions, to create a new global administrator user in the production tenant and, through illicit consent, grant the full_access_as_app role to newly created malicious OAuth applications, ultimately compromising corporate mailboxes.
2026-06-23 | New attack vectors in EKS | AuthZ | Analysis of new EKS attack vectors introduced by EKS Access Entries and Pod Identity: a compromised IAM identity can enumerate the clusters it can reach via the ListAssociatedAccessPolicies and DescribeAccessEntry APIs, and privilege escalation is possible at both the cloud and Kubernetes RBAC levels, including scenarios involving AmazonEKSClusterAdminPolicy and AmazonEKSEditPolicy and exploitation of exposed secrets or sensitive ConfigMap contents.
2026-06-23 | February Fortinet Advisory: everything you need to know | RCE | Advisory roundup for CVE-2024-21762 and CVE-2024-23113, critical RCE vulnerabilities in FortiOS and FortiProxy. CVE-2024-21762, an out-of-bounds write in the SSL-VPN daemon, is actively exploited; CVE-2024-23113 is a format string vulnerability in fgfmd affecting recent versions. Mitigations are disabling SSL VPN or removing FGFM access; Wiz customers can use Threat Center queries for detection.
2026-06-23 | Authentication bypass vulnerabilities in TeamCity: everything you need to know | AuthN | Writeup of CVE-2024-27198 and CVE-2024-27199, critical authentication bypass vulnerabilities in JetBrains TeamCity On-Premises before 2023.11.4. Both let an unauthenticated attacker reach authenticated endpoints by manipulating request URLs; CVE-2024-27198 yields full administrative control, including creation of new administrator accounts, while CVE-2024-27199 uses path traversal to modify a limited set of system settings and leak sensitive information. A security patch plugin is available as a stopgap for those who cannot update immediately.
2026-06-23 | Monitor sensitive data [3**-** ***7] that resides in code | Secrets | Product note on monitoring sensitive data such as PII, PHI, and PCI data in codebases, pull requests, and CI/CD pipelines. Using Wiz's DSPM capabilities it reduces accidental data exposure, helps prevent compliance violations under GDPR, CCPA, PCI DSS, and HIPAA, and establishes organizational baselines; developers and security teams can use the Wiz CLI or version control scanners to find and remediate sensitive data during development.
2026-06-23 | NamespaceHound: protecting multi-tenant K8s clusters | AuthZ | Tool: NamespaceHound, an open-source Python CLI for assessing multi-tenant Kubernetes clusters. It analyzes cluster configuration to find namespace-crossing violations and anonymous access opportunities, revealing attack paths that could lead to cross-tenant compromise, and extends the PEACH framework for tenant isolation assessment. Useful to cluster operators and red teamers alike.
2026-06-22 | Improve MTTR with Wiz’s AI-powered remediation guidance using Microsoft Azure OpenAI service | AI | Product update: AI-generated remediation guidance built on Azure OpenAI Service. Risks correlated on the Wiz Security Graph feed GenAI models that produce tailored, copy-pasteable remediation steps for CLI, Terraform, and CloudFormation, aiming to cut Mean Time to Remediate (MTTR) and make fixes accessible to non-security teams.
2026-06-22 | Security Posture Management for GitHub: spotting and fixing risks in your GitHub organization just got a lot easier | Supply Chain | Product update: Security Posture Management for GitHub identifies and mitigates risk from misconfigured GitHub organizations, repositories, and branches. It evaluates misconfigurations, identities, and secrets together with cloud context to prioritize attack paths that involve the VCS, and lets customers measure posture against the OpenSSF Source Code Management Best Practices Guide using over 30 configuration rules.
2026-06-22 | Backdoor in XZ Utils allows RCE: everything you need to know | RCE, Supply Chain | Analysis of CVE-2024-3094, the supply chain backdoor in XZ Utils 5.6.0 and 5.6.1. The backdoor was injected into liblzma from obfuscated test files at build time on specific Linux distributions and hooks OpenSSH, enabling remote code execution. Triggering it requires specific runtime conditions, including the TERM environment variable being unset and the process being the sshd binary. Mitigation is downgrading XZ Utils and hunting for suspicious activity.
2026-06-22 | Top security talks from KubeCon Europe 2024 | Talks | Talks from KubeCon Europe 2024 on Kubernetes security: threat intelligence frameworks built on eBPF, securing clusters beyond Pod Security Admission, modern container image building, and the realistic abilities and limits of eBPF. Other sessions detail privilege escalation and post-compromise activity, initial access to clusters, and exploitation of managed Kubernetes services such as GKE, AKS, and EKS.
2026-06-22 | Defense in depth: XZ Utils | Supply Chain | Product note on detecting and mitigating CVE-2024-3094, the XZ Utils backdoor, with agentless scanning and SBOM search to find exposure, CLI scanning and runtime policies for prevention, and the Linux sensor for detecting post-exploitation activity.
2026-06-22 | Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations | AI | Writeup of AI-as-a-Service infrastructure risks found by Wiz Research in collaboration with Hugging Face: takeover of shared inference infrastructure via malicious pickle-serialized models, and potential CI/CD pipeline compromise through malicious AI applications. The findings underline the need for robust tenant separation on fast-growing AI platforms to keep customer data and models safe from cross-tenant attacks.
2026-06-22 | Finding the needle in the haystack: effortless SBOM search in your cloud with Wiz | Supply Chain | Product note on cloud SBOM search in Wiz, which locates specific libraries and packages across a cloud environment and the resources they are installed on, including obsolete or vulnerable components such as the backdoored xz-utils (CVE-2024-3094). The resulting inventory of deployed software and versions (for example Log4j and OpenSSL) supports risk assessment, remediation planning, and compliance.
2026-06-22 | Boosting efficiency with Wiz's AI-driven remediation steps powered by Amazon Bedrock | AI | Integration note: AI-driven remediation guidance powered by Amazon Bedrock. It analyzes Wiz Issues, which capture risks such as vulnerabilities and misconfigurations, and generates actionable copy-paste remediation steps for CLI, Terraform, and CloudFormation so that security teams and developers can reduce mean time to remediate (MTTR).
2026-06-22 | CVE-2024-4040 exploited in the wild: everything you need to know | RCE | Writeup of CVE-2024-4040, a critical vulnerability in CrushFTP before 10.7.1 and 11.1.0. First described as a VFS sandbox escape allowing arbitrary file reads, it was later shown to enable unauthenticated remote code execution and administrator bypass, and is likely a server-side template injection. It is exploited in the wild and affects 1.7% of cloud environments. Updating to the patched versions is essential; earlier advice that a DMZ mitigates the issue has been retracted.
2026-06-21 | The risk in malicious AI models: Wiz Research discovers critical vulnerability in AI-as-a-Service provider, Replicate | AI | Writeup of a critical vulnerability Wiz Research found in Replicate, an AI-as-a-service provider. A malicious Cog container gave remote code execution, from which the researchers reached a shared Redis instance and used TCP injection (with tools such as rshijack) to bypass authentication and inject Lua scripts that could modify customer prompts and redirect webhook notifications, opening the door to cross-tenant data leakage and tampering with model predictions.
2026-06-21 | Wiz AI-SPM model scanning: Securely innovate with AI community models | AI | Product update: Wiz AI-SPM model scanning for hosted AI models in PyTorch and TensorFlow formats, whether sourced from Hugging Face or elsewhere. It detects malicious models, such as pickle files that execute arbitrary code on load, provides AI pipeline visibility through an AI Bill of Materials (AI-BOM), addresses open-source model supply chain risk, and adds runtime protection against suspicious model behavior.
2026-06-21 | Critical RCE vulnerability in PHP CGI: everything you need to know | RCE | Writeup of CVE-2024-4577, a critical RCE in PHP CGI on Windows, exploited by the TellYouThePass ransomware through argument injection. The bug abuses the Windows Best-Fit character conversion to bypass earlier protections and is most readily exploitable on Chinese and Japanese locales. Affected versions are PHP 8.3 before 8.3.8, 8.2 before 8.2.20, 8.1 before 8.1.29, and all end-of-life branches. Mitigations are upgrading PHP, temporary rewrite rules, or disabling CGI in XAMPP installations.
2026-06-21 | Custom runtime rules and runtime response policies: new layers of defense | API Sec | Product update introducing custom runtime rules and runtime response policies for cloud workloads. Rules match on process execution, network connections, DNS queries, listening sockets, and actors; matches can raise alerts, update the Security Graph, or trigger automated response policies that block high-certainty threats to limit damage and reduce manual effort.
2026-06-21 | GenAI risks to be aware of — and prepare for — according to Gartner® | AI, API Sec | Gartner report identifying four major GenAI and LLM security risks: privacy and data security (inadequate anonymization, third-party sharing); more efficient attacks through "smart malware" and automation; misinformation spread via realistic synthetic content; and fraud and identity risk from deepfakes that undermine biometric authentication. It suggests vendors build GenAI security considerations into product strategy.
2026-06-21 | Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations | AI, RCE | Writeup of CVE-2024-37032, "Probllama," a remote code execution vulnerability in Ollama, the open-source AI model deployment tool. Insufficient input validation in the /api/pull endpoint allows path traversal that can overwrite arbitrary files, which can be chained into arbitrary file reads and ultimately RCE, most easily in Docker deployments where the server runs as root. Upgrade to Ollama 0.1.34 or newer.
2026-06-21 | RCE vulnerability in OpenSSH: everything you need to know | RCE | Writeup of CVE-2024-6387, "regreSSHion," a critical RCE-as-root vulnerability in OpenSSH's sshd. It is a signal handler race condition that affects default configurations on 32-bit glibc-based Linux distributions and can lead to heap corruption and arbitrary code execution. Exploitation requires specific environmental conditions, so widespread attacks are unlikely, though feasible for a patient, targeted adversary. Patches are available; organizations should upgrade and restrict internet-facing SSH access.
2026-06-21 | How Wiz customers are flippin' vulnerabilities this July 4th weekend | API Sec | Customer stories: three companies (Schrödinger, Schibsted, and a financial services firm) reached zero critical cloud vulnerabilities by using Wiz for visibility, proactive remediation, and DevSecOps integration, including the Wiz CLI for early detection, Jira integration for issue tracking, centralized security across multiple brands, and automated security settings via API queries, enabling cross-team collaboration and informed prioritization.
2026-06-21 | Enhance existing security workflows with high-fidelity cloud security data from Wiz in ServiceNow | API Sec | Integration note: Wiz cloud security data in ServiceNow for IT, vulnerability response, compliance, and configuration management workflows. It populates ServiceNow Vulnerability Response with enriched vulnerability fields, Container Vulnerability Response with container image context, Configuration Compliance with misconfiguration findings mapped to frameworks, and the CMDB with cloud inventory via a Service Graph Connector, and creates ITSM tickets for tracking and remediation so teams can prioritize and fix cloud issues with more context.
2026-06-21 | SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts | AI, API Sec | Writeup of "SAPwned," a vulnerability chain in SAP AI Core found by Wiz Research. Arbitrary code execution inside SAP AI Core pods, combined with the shareProcessNamespace and runAsUser settings, bypassed network restrictions; from there the researchers found AWS tokens leaked from Loki, unauthenticated EFS shares holding customer AI data, and an unauthenticated Helm server that exposed internal Docker registries and Artifactory and granted cluster-admin on the Kubernetes cluster, giving access to customer secrets, AWS and Azure cloud credentials, and private AI artifacts.
2026-06-21 | Your control tower to secure code across GitHub, GitLab, and Azure Repos | API Sec, Supply Chain | Product update unifying code security across GitHub, GitLab, and Azure Repos on the Security Graph, with ownership mapping and risk prioritization. Wiz scans code for vulnerabilities, IaC misconfigurations (Terraform, CloudFormation, Kubernetes), secrets, and malware, checks VCS configuration against benchmarks such as the OpenSSF SCM Best Practices and the OWASP Top 10 CI/CD Security Risks, and integrates with CI/CD pipelines through the Wiz CLI with a unified policy engine and consolidated findings.
2026-06-21 | Introducing the Prompt Airlines CTF: Test Your AI Security Skills | AI, Bug Bounty | Prompt Airlines, a CTF for practicing AI security: participants find and exploit vulnerabilities in an AI system, covering common risks in large language models and other AI integrations. Completing it demonstrates familiarity with securing AI applications and their distinct attack surface.
2026-06-20 | Emerging phishing campaign targeting AWS accounts | AuthN | Writeup of an emerging phishing campaign against AWS accounts that uses redirect chains through services such as squarespace.com and cli.re to reach credential harvesting pages that visually clone the AWS sign-in page. The campaign leverages Amazon SES and CloudFront, and observed attacker-controlled domains include consoleportal[.]tech. Recommendations: disable root logins via SCP, use FIDO security keys for MFA, enforce SSO, apply least privilege, and enable Amazon CloudTrail for logging and impact assessment.
2026-06-20 | Defeating Kubernetes Privilege Escalation: A Cloud Detection & Response Case Study | AuthZ | Case study of a real-world attack in which adversaries escalated from a Kubernetes workload to the AWS control plane. They exploited a newly published RCE CVE in an open-source application running in an EKS pod on an EC2 instance that was misconfigured to be reachable from the internet, then obtained the instance's IAM role credentials through the Instance Metadata Service (IMDS). The case shows the need for rapid, contextualized cloud detection and response.
2026-06-20 | AWS Console Session Traceability: How Attackers Obfuscate Identity Through the AWS Console | AuthN | Writeup of "Console Conceal," a technique attackers use to obfuscate their identity in AWS by choosing misleading role session names and exploiting a quirk in how AWS Console actions are logged in CloudTrail. Standard traceability breaks down, making it hard to attribute actions to the compromised credentials, especially when SourceIdentity is not configured. The analysis shows how attackers assume roles with misleading session names and how investigators can still attribute the activity by correlating actions with the original AssumeRole events.
2026-06-20 | Avoiding security incidents due to request collapsing | API Sec | Guidance on avoiding security incidents caused by request collapsing in caching services such as Amazon CloudFront, where a response meant for one user can be served to others. Collapsing happens when several identical requests for the same cache key arrive before the first response returns: the queued requests are all served that first response, even when the origin returned Cache-Control: no-cache. Recommended fixes are the CachingDisabled managed cache policy, or a minimum TTL of 0 with the origin sending Cache-Control: no-cache.
2026-06-19 | Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments | AI | Writeup of CVE-2024-0132, a critical container escape in the NVIDIA Container Toolkit that lets an attacker gain full host access from a container using NVIDIA GPUs, affecting over 35% of cloud environments. It is especially serious in shared compute environments such as Kubernetes. Update the NVIDIA Container Toolkit to 1.16.2 and the NVIDIA GPU Operator to 24.6.2.
2026-06-19 | Supply chain attack on lottie-player: everything you need to know | Supply Chain | Writeup of the supply chain compromise of lottie-player versions 2.0.5 through 2.0.7. Malicious code published with a compromised npm token injected Web3 wallet connection prompts into sites using the library to steal cryptocurrency; affected organizations included 1inch, and at least one victim reported losing 10 Bitcoin. Audit dependencies and update to 2.0.8 or revert to 2.0.4.
2026-06-19 | Tricks and Treats: Top 3 GenAI Security Best Practices for a Safer Halloween | AI | Overview of GenAI security risks including data poisoning, model theft, and adversarial attacks, with three best practices: eliminate shadow AI with an AI Bill of Materials (AI-BOM), safeguard sensitive data with encryption and DLP policies, and establish a swift incident response plan. It also touches on supply chain attacks such as the lottie-player compromise and cloud-native security for serverless containers.
2026-06-19 | Introducing the next generation of AI-powered remediation: Choose your own remediation strategy | AI | Product update: next-generation AI-powered remediation that combines GenAI with Wiz Research expertise to produce granular, contextual guidance for cloud security issues, including toxic combinations. Users choose a remediation strategy based on risk, cloud context, and business needs, and complex issues are broken into actionable steps covering patching, scoping access, removing exposure, and reducing permissions, accounting for misconfigurations, vulnerabilities, and external exposure.
2026-06-19 | Data access governance: Who's got the keys to your data kingdom? | AuthZ | Product note on data access governance combining Wiz DSPM and CIEM to discover sensitive data, analyze the effective permissions of human and non-human identities, and govern access to critical data across multi-cloud environments including Snowflake and OpenAI, while identifying and remediating risky identities that can reach sensitive information.
2026-06-19 | Unmasking Phishing: Strategies for identifying 0ktapus domains and beyond | OSINT | Reference on identifying phishing domains, focused on the 0ktapus threat actor. It catalogs the Document Object Model (DOM) templates 0ktapus uses, with distinguishing characteristics, example domains, and activity periods for each, and offers a framework for analyzing phishing infrastructure, including pivoting between landing pages and identifying specific phishing kits such as EIGHTBAIT, to detect both known and new campaigns.
2026-06-19 | Making Sense of Kubernetes Initial Access Vectors Part 1 – Control Plane | Recon | First part of a taxonomy of Kubernetes initial access vectors, covering control plane threats: unauthenticated API access, exposed kubeconfig files, kubectl proxy, and misconfigured Kubelet APIs. It details the associated risks, including those specific to AKS, EKS, and GKE, outlines protection and detection strategies, and touches on exposed management interfaces such as Kubernetes Dashboard and Kubeflow.
2026-06-19 | Making Sense of Kubernetes Initial Access Vectors Part 2 - Data Plane | Recon | Second part, on data plane initial access vectors: risks from applications, container images, and execution-as-a-service. It covers attack paths through vulnerable pods, RBAC abuse, and system-level privilege escalation, citing Leaky Vessels and the cross-tenant issues found in Hugging Face and Replicate, and recommends namespace separation, Pod Security Standards, image signature verification, and user namespaces to limit lateral movement and privilege escalation.
2026-06-19 | Introducing new Amazon Q Developer plugin for Wiz | AI | Product update: a Wiz plugin for Amazon Q Developer that brings Wiz CNAPP capabilities into the AWS console. Developers can query their cloud security posture in natural language and get immediate insight into risks such as critical attack paths and the riskiest assets, reducing operational overhead and helping them prioritize remediation without leaving the AWS environment.
2026-06-19 2026The President’s Executive Actions on AI Have a Lot to Say on CybersecurityAIAnalysis of the President's Executive Order on AI and NSPM-11, highlighting shifts from static compliance to risk-based vulnerability prioritization. CISA's BOD 26-04 mandates rapid remediation of actively exploited vulnerabilities, replacing older directives like BOD 22-01 and BOD 19–02. This framework emphasizes context-driven assessment and AI-enabled defensive tools for faster detection, investigation, and remediation, influencing federal contracts and private sector partnerships.
2026-06-18 2026Ultralytics AI Library Hacked via GitHub for CryptominingPythonSupply ChainLibrary exploiting GitHub Actions for supply chain attack. Versions 8.3.41 and 8.3.42 of the Ultralytics Python package were compromised, injecting XMRig cryptominer. The attack leveraged a vulnerability in the "Publish Docs" workflow, allowing arbitrary code execution via crafted branch names. This impacted not only Ultralytics but also dependent packages like ComfyUI Impact Pack, highlighting risks in CI/CD pipelines and popular AI libraries.
2026-06-18 2026New Developments in LLM Hijacking ActivityAIAuthZWriteup detailing the JINX-2401 LLM hijacking campaign targeting AWS environments. The campaign involves using compromised IAM credentials to invoke Bedrock models, employing privilege escalation and persistence techniques. Wiz Research identified specific IAM username and policy naming patterns, alongside failed attempts to create and access LLM models, ultimately blocked by SCPs. This analysis also touches on broader LLM abuse trends and detection strategies within AWS.
2026-06-18 2026Under the Radar: Exploring Spring Boot Actuator MisconfigurationsRCESecretsLibrary for detecting Spring Boot Actuator misconfigurations that can leak sensitive data like environment variables, passwords, and API keys, or even lead to remote code execution. The library highlights common vulnerabilities such as exposed `/heapdump` files and insecure `/gateway/routes` endpoints, particularly noting CVE-2022-22947 in Spring Cloud Gateway versions and default exposures prior to Spring Boot Actuator 1.5.
2026-06-18 2026The many ways to obtain credentials in AWSAuthNSecretsLibrary detailing numerous methods for obtaining AWS credentials, including IAM role credentials via the Instance Metadata Service (IMDSv1/v2), AWS SDK credential providers (environment variables, credential files), container credential URIs for ECS/EKS, EKS Pod Identities, IRSA, IoT certificate-based authentication, IAM Roles Anywhere, Cognito's GetCredentialsForIdentity, and Datasync's certificate authentication.
2026-06-18 2026Avoiding mistakes with AWS OIDC integration conditionsAuthNLibrary documenting mistakes in AWS OIDC integration conditions, highlighting issues with GitHub Actions, Terraform Cloud, Microsoft Defender, and GitLab. It emphasizes the importance of specific IAM trust policy conditions like "sub" and "sts:RoleSessionName" to prevent unauthorized access, detailing variations across over twenty vendors and built-in AWS identity providers, and advises ensuring both "aud" and "sub" conditions when available.
2026-06-18 2026Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405)Supply ChainWriteup detailing CVE-2024-43405, a critical signature verification bypass discovered in Nuclei, the popular open-source vulnerability scanner from ProjectDiscovery. This vulnerability, uncovered by Wiz, could enable arbitrary code execution by allowing malicious templates to bypass the existing signature verification mechanism, which relies on ASN.1 encoded ECDSA signatures. The bypass exploits subtle issues within the regex-based signature extraction and removal logic, potentially compromising systems running untrusted Nuclei templates.
2026-06-18 2026CVE-2025-0282 and CVE-2025-0283: Critical Ivanti 0days Exploited in the WildRCEWriteup detailing CVE-2025-0282 and CVE-2025-0283, zero-day vulnerabilities actively exploited in Ivanti Connect Secure. CVE-2025-0282 allows unauthenticated remote code execution via a stack-based buffer overflow. Exploitation campaigns have been linked to the UNC5337 group and other actors deploying malware like DRYHOOK and PHASEJAM, engaging in reconnaissance, privilege escalation, and data exfiltration. Ivanti recommends immediate patching and utilizing their Integrity Checker Tool.
2026-06-18 2026Introducing the Red Agent POV SeriesAITool demonstrating an AI-powered pentester, the Red Agent, which autonomously discovers logic-driven vulnerabilities and multi-step attack chains at machine speed. It reasons about application behavior, learns from failed probes, and synthesizes complex attack paths to uncover issues like broken access control, leaked secrets, RCE, SQL injection, PII/PHI exposure, and JWT `alg:none` bypasses, as detailed in its first blog post on SSRF exploitation.
2026-06-18 2026The Red Agent POV: How it Reasoned its Way to SSRFSSRFLibrary that details a multi-step SSRF exploit against a GCP Cloud Run service. The exploit chains a GitHub URL validation bypass with a double-slash absolute path technique to read sensitive files like `/proc/self/environ` and application source code. The underlying methodology involves iterative attack strategy execution and reflection, focusing on path traversal and URL confusion techniques before the breakthrough bypass.
2026-06-17 2026Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)AuthZRCEWriteup of CVE-2024-50603, an unauthenticated RCE in Aviatrix Controller, detailing its command injection flaw and exploitation in the wild for cryptojacking and Sliver backdoor deployment. The vulnerability, stemming from improper input neutralization in API endpoints like `list_flightpath_destination_instances`, allows arbitrary command execution. Wiz Research observed exploitation leading to privilege escalation in AWS control plane environments, with affected versions requiring urgent patching to 7.1.4191 or 7.2.4996.
2026-06-17 2026Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat HistorySecretsAnalysis of a publicly accessible ClickHouse database linked to DeepSeek, discovered by Wiz Research, reveals extensive exposure of sensitive information including over a million lines of chat history, secret keys, and backend details. This unauthenticated exposure allowed full control over database operations and potential privilege escalation, highlighting the critical risks of rapid AI adoption without corresponding infrastructure security.
2026-06-17 2026How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132)RCEWriteup detailing CVE-2024-0132, a critical container escape vulnerability in NVIDIA Container Toolkit and GPU Operator. This vulnerability allows attackers who control a container image to gain full access to the host system by mounting the host's root filesystem and exploiting access to container runtime sockets. The article discusses exploitation methods against Docker and gVisor, mentions a bypass vulnerability (CVE-2025-23359), and recommends updating to NVIDIA Container Toolkit version 1.17.4 for mitigation.
2026-06-17 2026The Overlooked Attack Surface: Securing Code Repositories, Pipelines, and Developer InfrastructureSupply ChainLibrary for securing developer infrastructure, extending Application Security Posture Management (ASPM) to code repositories, CI/CD pipelines, and artifact registries. It continuously assesses configurations, maps identities, and detects threats across the software supply chain, citing examples like the Ultralytics PyPI attack and Kong's DockerHub compromise. The library integrates with cloud security posture management and detection and response principles, mapping controls to frameworks like CIS Benchmarks and OWASP TOP10 CI/CD Security Risks for proactive risk management.
2026-06-17 2026GitHub Action tj-actions/changed-files supply chain attack: everything you need to knowSecretsSupply ChainLibrary detailing CVE-2025-30066, a supply chain attack on the tj-actions/changed-files GitHub Action. This attack injected malicious code, causing affected public repositories to leak secrets within workflow logs. The compromise, also potentially linked to reviewdog/action-setup, involved a compromised GitHub Personal Access Token (PAT). Mitigation steps include rotating leaked secrets like AWS keys and GitHub PATs, removing references to the affected action, and pinning future actions to specific commit hashes.
2026-06-17 2026New GitHub Action supply chain attack: reviewdog/action-setupSecretsSupply ChainLibrary detailing a GitHub Action supply chain attack targeting reviewdog/action-setup@v1. This vulnerability, likely a precursor to the tj-actions/changed-files compromise, involved malicious code injected into CI workflows to dump secrets from CI runner memory. Affected repositories, particularly public ones, risked leaking secrets via workflow logs, necessitating immediate rotation of any exposed credentials. Mitigation involves identifying affected workflows, checking for the malicious payload, and removing references to the compromised action.
2026-06-16 2026Securing Cloud Databases: Best Practices with ClickHouse and WizSecretsLibrary for securing ClickHouse databases, this resource details best practices and out-of-the-box security controls in light of incidents like the Deepseek AI breach. It highlights the importance of TLS encryption, administrator account authentication, and strict authorization policies, addressing misconfigurations such as publicly exposed instances without restrictions and default users without passwords. The library also covers ClickHouse's built-in features like RBAC and provides guidance to prevent data exposure in cloud environments.
2026-06-16 2026How to use the new CloudTrail network activity events for AWS VPC EndpointsAuthZReference on AWS VPC Endpoint CloudTrail network activity events, detailing how to enable and utilize these new opt-in events for CloudTrail to gain visibility into API activity traversing VPC Endpoints. It covers using these logs for safely developing VPC Endpoint Policies, detecting data exfiltration, and understanding network connections between VPC services and AWS resources, with specific mention of supported services like S3 and KMS, and considerations for cost and coverage compared to Data Events.
2026-06-16 2026IngressNightmare: CVE-2025-1974 - 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINXAPI SecRCEWriteup of IngressNightmare (CVE-2025-1974), a series of critical unauthenticated RCE vulnerabilities affecting Ingress NGINX Controller for Kubernetes. This flaw allows attackers to gain unauthorized access to all cluster secrets, enabling complete cluster takeover. The vulnerabilities stem from remote NGINX configuration injection into the admission controller, a common, often externally exposed, component. Exploitation has been observed in over 6,500 clusters. Mitigation involves updating to patched versions or disabling the admission controller.
2026-06-16 2026Top security talks from KubeCon Europe 2025TalksTalks from KubeCon Europe 2025 highlight evolving Kubernetes security, focusing on operationalization over offensive tactics. Sessions covered challenges in Network Policy implementations and mTLS for internal communication, proposed AI-native access control architectures for agents, discussed prompt security and AI Gateway solutions, and detailed new techniques for enhancing Software Composition Analysis resilience against container image obfuscation. Wiz's own talk projected future Kubernetes security needs, emphasizing securing AI workloads, peripheral components like Ingress controllers, and cloud-cluster integration.
2026-06-16 2026CIEM and Secure Cloud Access: Best Practices from Wiz and CyberArkAuthZLibrary integrating Wiz and CyberArk, this resource details best practices for Cloud Infrastructure Entitlements Management (CIEM) and Secure Cloud Access. It emphasizes gaining full visibility into cloud identities and permissions, enforcing least privilege, prioritizing critical attack paths, and implementing Zero Standing Privileges (ZSP). The entry also covers applying privilege controls post-authentication, maintaining continuous identity governance, and enabling on-demand access for unplanned events, aiming to balance security with productivity.
2026-06-16 2026Research Briefing: MCP SecurityAILibrary for securing Model Context Protocol (MCP) integrations, detailing supply chain risks from unvetted GitHub repositories, typosquatting, impersonation, and account takeovers in registries. It addresses local server vulnerabilities like arbitrary code execution and remote server risks including RCE, credential theft, and data leakage. The library also covers MCP client security, highlighting issues with auto-run features, tool name conflicts, slash command hijacking, and indirect prompt injection, offering guidance for early adopters to mitigate these evolving threats.
2026-06-16 2026Introducing the MCP Server for Wiz: Smarter AI Context, Stronger Cloud SecurityAIReference on the Wiz Model Context Protocol (MCP) Server, an AI integration standard used to unify security data, enhance cloud visibility, and provide contextual intelligence for security investigations. The MCP Server facilitates natural language queries for risk assessment, inventory discovery, and remediation workflows, including integration with IDEs for instant vulnerability fixes and Wiz Defend for threat containment. The entry also highlights potential security risks associated with MCP data handling.
2026-06-16 2026Wiz Data Foundations: Where’s My Sensitive Data—And Who Can Access It?AuthZLibrary for cloud data security that offers visibility into sensitive data locations and access controls. It features an agentless scan to detect and classify sensitive data, a Data Stores Treemap for visualizing data distribution by resource type and sensitivity, and multiple workflows to explore access entitlements by data store, identity, or through the Security Graph. The library helps identify who can access sensitive data, how access was granted, and any associated risks, supporting workflows from broad trends to deep, targeted investigations.
2026-06-16 2026Federal Data, Meet your New Bodyguard: DSPM joins Wiz for GovernmentAuthZLibrary for automated sensitive data discovery and classification within FedRAMP environments. This DSPM solution provides visualization of data residency, access controls, and attack paths, aiding in compliance with regulations like GDPR, CCPA, HIPAA, FISMA, OMB M-17-12, CMMC, and Zero Trust principles. It supports agentless scanning, custom data classification rules, and AI readiness by identifying sensitive training data and potential leaks, ultimately reducing the data attack surface and accelerating federal data security use cases.
2026-06-16 2026What Analyzing Hundreds of Thousands of Cloud Environments Taught Us About Data ExposureAuthZReport analyzing hundreds of thousands of cloud environments, revealing that 54% have exposed VMs and serverless instances with sensitive data, and 35% of these are also vulnerable to critical threats. It highlights that 72% of environments have publicly accessible PaaS databases lacking access controls, and 12% still have exposed and exploitable containers. The findings emphasize the need to prioritize actions based on the context of exposure, vulnerability, and data sensitivity.
2026-06-16 2026Introducing WizOS: Securing Wiz from the ground up with hardened, near-zero-CVE container base images.Supply ChainLibrary for hardened, near-zero-CVE container base images, WizOS, offers a secure foundation for cloud-native applications. It transitions from Alpine's musl to glibc, supports a wider range of applications, and builds every component from source with signing and provenance. WizOS provides a reproducible build pipeline, reducing critical and high CVEs to near zero, thus minimizing build pipeline interruptions and allowing developers to focus on application logic. It's designed as a drop-in replacement for Alpine-based images and is currently available in private preview for Wiz customers.
2026-06-16 2026Ivanti EPMM RCE Vulnerability Chain Exploited in the WildRCEWriteup of Ivanti EPMM RCE vulnerability chain exploitation, detailing how CVE-2025-4427 (authentication bypass) and CVE-2025-4428 (post-auth RCE via Java Expression Language injection) are combined for unauthenticated remote code execution. The analysis includes observed exploitation in the wild, use of Sliver beacons, MySQL database dumping, and web shell deployments, referencing affected versions and patched releases.
2026-06-15 2026DevOps Tools Targeted for CryptojackingSupply ChainLibrary for detecting and defending against cryptojacking campaigns, specifically targeting DevOps tools like HashiCorp Nomad, Consul, Docker API, and Gitea. This campaign, designated JINX-0132, exploits known misconfigurations and vulnerabilities, including an unpatched RCE in Gitea (CVE-2020-14144) and default Nomad job queueing behavior, to deploy the XMRig miner. Attackers leverage publicly available resources like GitHub repositories for payloads and avoid traditional IOCs, complicating detection.
2026-06-15 2026Rules Files for Safer Vibe CodingAILibrary for crafting secure AI-generated code. This resource outlines the creation of "rules files," a pattern to provide standard security guidance to AI coding assistants. It details best practices for rules file construction, common vulnerabilities in AI-generated code such as CWE-94 (Code Injection) and CWE-306 (Missing Authentication), and research-based prompting techniques to reduce risk. The project open-sources baseline rules files for popular languages and frameworks like Python (Flask, Django), Javascript (React, Node.js), Java (Spring), and .NET (ASP.NET Core), compatible with tools such as Cursor, Cline, Claude, Windsurf, Codex, Aider, and GitHub Copilot.
2026-06-15 2026Lean and Mean: How We Fine-Tuned a Small Language Model for Secret Detection in CodeAILibrary fine-tuning LLAMA-3.2-1B achieves 86% precision and 82% recall for secret detection in code, outperforming regex-based methods. This lean model offers a cost-effective, privacy-preserving alternative to large language models for enterprise-scale scanning. The process involved multi-agent data labeling with models like Sonnet, strategic data filtration, and Low-Rank Adaptation (LoRA) for efficient fine-tuning.
2026-06-15 2026AI Is Everywhere—But Security Teams Are Still Catching UpAIReport on AI security readiness surveying 96 organizations, finding 87% use AI services from platforms like OpenAI and Amazon Bedrock, yet 31% cite a lack of AI security expertise as their top challenge. Most rely on traditional controls such as secure development processes and tenant isolation, with only 13% utilizing AI-specific security posture management. This lack of AI-specific protections and visibility, especially in multi-cloud environments, exposes organizations to risks like sensitive data exposure and misconfigurations, with 25% unaware of all AI services in their environment.
2026-06-15 2026Leaking Secrets in the Age of AIAISecretsLibrary for identifying AI-related secret leakage in public code repositories. The analysis found that `.ipynb` notebook files and configuration files like `mcp.json` and `.env` are particularly prone to exposing secrets from emerging AI vendors, impacting numerous companies. This research highlights critical gaps in current secrets scanning tools and practices, especially concerning the handling of AI development artifacts.
2026-06-15 2026Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left OpenRCELibrary for detecting and preventing attacks exploiting exposed Java Debug Wire Protocol (JDWP) interfaces. This protocol, often unintentionally exposed in popular applications like TeamCity, Jenkins, and Spring Boot, allows for remote code execution. Attackers can leverage this misconfiguration to deploy malware, establish persistence through various methods including systemd services and cron jobs, and execute stealthy cryptomining payloads like customized XMRig. The library aids in identifying exploitation attempts and the subsequent malicious activities, such as those observed in the wild with rapid exploitation of JDWP ports.
2026-06-15 2026Critical vulnerabilities in NetScaler ADC exploited in-the-wild: everything you need to knowAPI SecAnalysis of CVE-2025-5349, CVE-2025-5777, and CVE-2025-6543, critical vulnerabilities in NetScaler ADC and Gateway. CVE-2025-5777, a memory overread, and CVE-2025-6543, a memory overflow, have been exploited in the wild, with the latter described as a 0-day. CVE-2025-5349 is an improper access control flaw. Organizations are advised to patch urgently to mitigate risks including unauthorized access, sensitive data leakage, and potential remote code execution.
2026-06-15 2026Why AppSec and CloudSec Belong Together in the Age of AIAILibrary for unifying application security (AppSec) and cloud security (CloudSec) in cloud-native environments, particularly with the rise of AI. It addresses workflow breakdowns and scattered responsibilities by fostering shared context, enabling automated ownership mapping, and integrating fixes directly into developer workflows. This approach aims to accelerate remediation and reduce real risk by tracing vulnerabilities from code to runtime, as demonstrated by findings such as exposed DeepSeek databases and RCE flaws in Ollama, alongside critical NVIDIA AI stack vulnerabilities.
2026-06-15 2026NVIDIAScape - Critical NVIDIA AI Vulnerability: A Three-Line Container Escape in NVIDIA Container Toolkit (CVE-2025-23266)AIRCELibrary for discovering CVE-2025-23266, a critical NVIDIA Container Toolkit vulnerability allowing a three-line Dockerfile escape to gain root access on the host. This flaw, dubbed #NVIDIAScape, impacts managed AI cloud services by enabling malicious containers to bypass isolation and compromise other customers' data and models on shared GPU infrastructure. Affected versions include NCT up to v1.17.7 and NVIDIA GPU Operator up to 25.3.1. Mitigation involves upgrading the toolkit or disabling the enable-cuda-compat hook.
2026-06-15 2026SharePoint Vulnerabilities (CVE-2025-53770 & CVE-2025-53771): Everything You Need to KnowAPI SecAnalysis of CVE-2025-53770 and CVE-2025-53771, actively exploited zero-day vulnerabilities in on-premises Microsoft SharePoint servers. CVE-2025-53770 is a critical RCE via unsafe deserialization, forming the execution stage of the ToolShell exploit chain. CVE-2025-53771 is a spoofing vulnerability enabling authentication bypass via header spoofing. These are bypasses of earlier vulnerabilities CVE-2025-49704 and CVE-2025-49706, respectively. The chained ToolShell exploit was demonstrated at Pwn2Own Berlin and actively exploited in the wild following emergency patches.
2026-06-15 2026What the U.S. AI Action Plan Means For Cyber DefendersAISurvey of the U.S. AI Action Plan, detailing its emphasis on rapid AI innovation and infrastructure development, alongside a critical need for security foundations. The plan highlights initiatives like establishing an AI Information Sharing and Analysis Center (AI-ISAC), promoting secure-by-design principles, and developing AI incident response frameworks, acknowledging risks from adversarial threats and deepfakes. It urges secure development practices and continuous risk management for AI systems integrated into critical infrastructure and broader ecosystems.
2026-06-15 2026TraderTraitor: Deep DiveSupply ChainAnalysis of TraderTraitor details a North Korean threat cluster, linked to Lazarus Group and APT38, that targets cryptocurrency exchanges, DeFi platforms, and crypto startups. The group employs social engineering via phishing emails and trojanized applications, as well as sophisticated supply chain compromises involving malicious npm packages and the JumpCloud incident. TraderTraitor's objective is primarily financial gain through cryptocurrency theft, with notable operations including the DMM Bitcoin exchange heist and the ByBit hack.
2026-06-15 2026Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private ApplicationsAIAuthZAnalysis of a critical vulnerability in the Base44 vibe coding platform, allowing unauthorized access to private applications. The issue stemmed from undocumented registration and email verification endpoints that accepted only a non-secret `app_id` value, bypassing authentication controls including SSO. This enabled attackers to create verified accounts for private applications, granting full access to sensitive data. Wiz Research responsibly disclosed the flaw, which was fixed within 24 hours. The vulnerability highlights systemic risks in AI-powered development platforms where a single flaw can jeopardize all applications built on the vendor's shared infrastructure.
2026-06-14 2026The insider’s guide to Black Hat 2025AITalksGuide to Black Hat 2025 detailing AI security, cloud security, and red teaming trends. It highlights specific talks on NVIDIA Container Toolkit vulnerabilities, Gemini agent exploitation via calendar invites, and wormable zero-click RCE in AirPlay. The guide also mentions the open-source tool HoneyBee for generating misconfigured Dockerfiles and discusses sessions on vulnerable authenticated cloud environments.
2026-06-14 2026Breaking NVIDIA Triton: CVE-2025-23319 - A Vulnerability Chain Leading to AI Server TakeoverAIRCELibrary for discovering vulnerabilities in NVIDIA Triton Inference Server, including CVE-2025-23319, CVE-2025-23320, and CVE-2025-23334. This exploit chain begins with a Python backend information leak, allowing an attacker to abuse the shared memory API for arbitrary read/write operations, potentially leading to remote code execution and full server takeover. The findings highlight the critical need for securing AI infrastructure.
2026-06-14 2026A new type of long-lived key on AWS: Bedrock API keysSecretsReference analyzing long-lived and short-lived AWS Bedrock API keys. It details how long-lived keys are tied to IAM Users, potentially bypassing existing SCPs, and over-privileged by default with the `AmazonBedrockLimitedAccess` policy. Short-lived keys are generated client-side via presigned URLs and a new `bedrock:CallWithBearerToken` API. Both key types use a bearer token in the HTTPS header, unlike the typical sigv4. The entry notes these keys have already appeared in public GitHub repositories and recommends SCPs to deny `bedrock:CallWithBearerToken` to mitigate risks.
2026-06-14 2026Secrets Found. Owners Identified. Issues Fixed.SecretsLibrary for detecting, prioritizing, and remediating secrets exposure across the SDLC, combining code scanning, cloud workload analysis, and vault data with blast radius context and AI-powered fixes. It validates findings against providers like GitHub and OpenAI, maps secrets to owners, and offers AI-generated remediation guidance, integrating directly into developer workflows.
2026-06-14 2026s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to knowSupply ChainWriteup detailing the s1ngularity supply chain attack, which leveraged malicious versions of the Nx build system npm package to steal developer secrets like cryptocurrency wallets, GitHub tokens, and SSH keys. The attack utilized AI command-line tools for reconnaissance and exfiltrated data to attacker-controlled GitHub repositories, with a subsequent phase involving the public release of over 5500 private repositories. The vulnerability exploited a flawed GitHub Actions workflow allowing code injection through unsanitized pull request titles combined with the `pull_request_target` trigger.
2026-06-14 2026s1ngularity's Aftermath: AI, TTPs, and Impact in the Nx Supply Chain AttackAISupply ChainAnalysis of the s1ngularity Nx supply chain attack details novel TTPs used by AI-powered malware to exfiltrate secrets, including GitHub and npm tokens. The attack progressed through three phases: initial public leakage of thousands of corporate secrets, abuse of leaked GitHub tokens to expose private repositories, and a final phase publishing more repositories. The malware leveraged AI CLIs like Claude and Gemini to identify and exfiltrate sensitive files, impacting over 1,700 users with public secret leakage and hundreds more through the exposure of private repositories.
2026-06-14 2026From Compromised Keys to Phishing Campaigns: Inside a Cloud Email Service TakeoverAuthNSecretsAnalysis of a May 2025 SES abuse campaign reveals attackers compromising AWS access keys to escape Amazon Simple Email Service's sandbox. This involved multi-regional `PutAccountDetails` requests to gain production mode, followed by verifying attacker-owned and weakly protected legitimate domains. The campaign leveraged these to send phishing emails referencing tax forms, directing victims to credential theft sites masked by a traffic analysis service, highlighting the risks of SES misuse for large-scale phishing and monetizing leaked credentials.
2026-06-14 2026Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and BeyondSupply ChainWriteup of a widespread npm supply chain attack impacting packages like debug and chalk, detailing how a wallet-hijacking browser interceptor was deobfuscated. The analysis quantifies a roughly two-hour exposure period with high package prevalence and a concerning malware presence, explaining the rapid spread through social engineering and malicious releases. Mitigation strategies involve updating lockfiles, rebuilding from clean caches, invalidating CDN assets, and hotfixing UI elements to prevent transaction redirection to attacker-controlled wallets.
2026-06-14 | 2026 | Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware | Supply Chain | Writeup detailing the Shai-Hulud npm supply chain attack, which involved malicious versions of popular packages spreading data-stealing malware worm-like across the ecosystem. The attack, believed to be a consequence of the s1ngularity/Nx compromise, leveraged a post-install script to harvest sensitive data using tools like TruffleHog, exfiltrate it to GitHub repositories, and propagate itself by publishing malicious package versions. The analysis includes compromised package names, compromised GitHub user data, and recommendations for revoking credentials.
2026-06-14 | 2026 | Wiz Research Discovers One in Five Organizations Exposed to Systemic Risks in Vibe-Coded Applications - Here's How to Secure Them | API Sec, AuthZ | Library for securing applications built with "vibe coding" platforms like Lovable. It details common risks such as authentication logic living entirely in the browser, API keys and secrets exposed in client-side code, and database tables being wide-open. Solutions include enforcing server-side authentication, proxying API calls through a secure backend, and implementing proper Row-Level Security (RLS) for databases like Supabase.
2026-06-14 | 2026 | Beyond CVEs: The Exploitation of Everyday Misconfigurations | API Sec, AuthZ | Library detailing the exploitation of common cloud application misconfigurations, moving beyond traditional CVEs. It covers unrestricted access, default/weak credentials, excessive permissions, and exposed databases, providing real-world case studies of abuse. Examples include Selenium Grid RCE via arbitrary command execution, Spring Boot Actuator SSRF and sensitive data leakage through heap dumps, and PostgreSQL command execution using the `COPY FROM PROGRAM` feature with weak credentials. The library emphasizes proactive perimeter scanning and shifting security left within CI/CD pipelines to mitigate these risks.
2026-06-14 | 2026 | IMDS Abused: Hunting Rare Behaviors to Uncover Exploits | Recon, SSRF | Library for detecting anomalous Instance Metadata Service (IMDS) usage, aiding in the hunt for cloud exploits. This approach led to the discovery of a zero-day SSRF vulnerability in pandoc (CVE-2025-51591), leveraged through an `<iframe>` tag to target sensitive IMDS endpoints like `/latest/meta-data/iam/info`. It prioritizes rare IMDS access patterns from unexpected processes and focuses on suspicious metadata paths.
2026-06-13 | 2026 | The emerging use of malware invoking AI | AI | Writeup on AI-invoking malware details incidents like LameHug, where malware prompts HuggingFace for commands; the Amazon Q Developer Extension compromise, which instructed an AI to clean systems; and s1ngularity, a supply chain attack using npm packages that attempted to leverage Claude, Gemini, and Q for credential theft. These campaigns highlight emerging threats where AI is used within payloads to potentially bypass detections or exploit trust in AI tools, with future concerns around agentic AI and the need for robust detection strategies.
2026-06-13 | 2026 | Introducing zeroday.cloud: First-of-its-kind cloud and AI hacking competition | AI | Competition hosting a cloud and AI hacking event with a $4.5 million bounty pool. Researchers can target vulnerabilities in categories like AI (Ollama, vLLM, NVIDIA Container Toolkit), Kubernetes (Kubernetes API Server, Kubelet Server, Grafana, Prometheus, Fluent Bit), Containers (Docker, Containerd, Linux Kernel), Web Servers (nginx, Apache Tomcat, Envoy, Caddy), Databases (Redis, PostgreSQL, MariaDB), and DevOps (Apache Airflow, Jenkins, GitLab CE). Successful exploits require total compromise, such as container/VM escape or 0-click RCE. The event partners with AWS, Microsoft, and Google Cloud, and will take place at Black Hat Europe in London.
2026-06-13 | 2026 | AI Security 101: Mapping the AI Attack Surface | AI | Library for mapping the AI attack surface, detailing risks from training data, model artifacts, AI pipelines, APIs, and shadow AI. It highlights real-world incidents like the 38TB Microsoft data exposure and the BingBang prompt injection vulnerability, offering practical steps to reduce risk, including mapping the environment, securing training data, hardening ML infrastructure, monitoring AI endpoints, and building shared ownership.
2026-06-13 | 2026 | RediShell: Critical Remote Code Execution Vulnerability (CVE-2025-49844) in Redis, 10 CVSS score | RCE | Writeup of CVE-2025-49844, dubbed RediShell, a critical 10.0 CVSS score Use-After-Free vulnerability in Redis. This flaw allows authenticated attackers to escape the Lua sandbox via crafted Lua scripts, achieving arbitrary native code execution on the Redis host. Affecting Redis and forks like Valkey, along with managed services such as Amazon ElastiCache, Google Cloud Memorystore, and Azure Cache for Redis, exploitation can lead to system compromise, data exfiltration, and lateral movement. Immediate patching and security hardening, including enabling authentication and restricting access, are crucial.
2026-06-13 | 2026 | Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces | Secrets, Supply Chain | Writeup of critical secrets leakage in VSCode IDE extensions impacting both the VSCode and Open VSX marketplaces. Over one hundred instances of leaked Azure DevOps Personal Access Tokens (PATs) and Open VSX Access Tokens were discovered, granting attackers the ability to distribute malicious updates to a combined install base of over 150,000 users. The leakage stemmed from publisher errors, such as bundling dotfiles and hardcoding secrets directly into extension code, affecting various categories including AI provider secrets, cloud platform credentials, and database secrets. Wiz collaborated with Microsoft to implement platform-level guardrails and notify affected publishers.
2026-06-13 | 2026 | Introducing Wiz ASM: Context-Driven Attack Surface Management | Recon | Tool that provides context-driven attack surface management across cloud, AI, on-premises, and SaaS environments. Wiz ASM leverages the Wiz Security Graph to discover external-facing assets, detect exploitable risks, and enrich them with context to prioritize remediation efforts. It identifies owners and provides AI-powered guidance, accelerating response times and reducing mean time to resolution (MTTR). The scanner has helped customers remediate risks like RCE through default credentials on CI/CD systems, exposed cloud and AI keys, and public buckets with sensitive AI training data.
2026-06-13 | 2026 | Securing AI Agents with Wiz AI-SPM | AI | Library for securing AI agents, Wiz AI-SPM, extends agentless CNAPP for visibility and continuous defense. It discovers AI services, models, and integrations; inventories AI software and dependencies via an AI Bill of Materials (AI BOM); maps attack surfaces; enforces secure configurations for platforms like Bedrock and Vertex AI; verifies guardrails; detects sensitive data exposure; correlates risks with identities and workloads; provides DSPM for AI; aligns with OWASP LLM risks; and offers runtime monitoring with automated response.
2026-06-13 | 2026 | Exposure Report: 65% of Leading AI Companies Found with Verified Secret Leaks | AI, Secrets | Survey of GitHub secret leaks targeting Forbes AI 50 companies, revealing 65% had verified exposures including API keys, tokens, and credentials in deleted forks, gists, and developer repos. The analysis highlights new leak vectors and emphasizes the need for robust secret scanning and disclosure practices beyond traditional methods, noting specific vulnerabilities found within companies like ElevenLabs and Langchain.
2026-06-13 | 2026 | Empower and Accelerate Your SOC with the Blue Agent | AI | Tool for accelerating cloud threat detection and response, the Blue Agent integrates AI and the Wiz platform's context for automated threat investigation and triage. It mirrors Incident Response team expertise, presenting transparent reasoning and evidence to SOC analysts. The Agent correlates runtime signals, network telemetry, and cloud context, aiming to reduce manual triage and enable teams to focus on higher-value strategic work, ultimately scaling SOC operations without increasing headcount.
2026-06-13 | 2026 | AI Threat Readiness Pillar 3: Perform AI Code Analysis Natively in Wiz | AI | Library for AI code analysis within Wiz, integrating native AI Code Scans with frontier models and agentic workflows. It addresses challenges of inconsistent coverage and alert fatigue in traditional SAST by prioritizing critical repositories via Code-to-Cloud mapping. The library employs a layered approach, combining rules-based SAST, continuous AI scans for semantic reasoning, and periodic deep analysis with frontier models. It enriches findings with the Wiz Security Graph and uses Red and Green Agents to validate exploitability and automate remediation.
2026-06-12 | 2026 | Introducing Posture Issues: Transform Security Findings into Actionable Outcomes | Bug Bounty, Secrets | Framework for managing security debt, Posture Issues consolidate findings within a single domain like vulnerabilities or secrets, allowing teams to tackle backlogs, meet compliance SLAs, and measure long-term security posture improvements. This structured approach, driven by Posture Policies, transforms noisy lists into manageable projects for continuous security hygiene and hardening.
2026-06-12 | 2026 | Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets | Supply Chain | A supply chain attack, dubbed Shai-Hulud 2.0, has compromised over 25,000 repositories from approximately 350 users by exploiting malicious npm packages. This campaign exposes sensitive information within these repositories. The primary focus is on detecting and mitigating the impact of these compromised packages.
2026-06-12 | 2026 | 3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID Logs | AuthN, JWT | Library for detecting OAuth TTPs in Azure environments. It details device code phishing, where attackers exploit the device code flow to trick victims into authenticating with MFA, granting the attacker a token. It also covers Resource Owner Password Credentials (ROPC) abuse, leveraging legacy flows without MFA or browser consent for credential stuffing and persistence, often targeting applications like Azure AD PowerShell. Finally, it explains how attackers can use specific token-resource combinations, such as Microsoft Authentication Broker and Intune Enrollment, to register a device and bypass Conditional Access policies. KQL queries are provided for log analysis.
2026-06-12 | 2026 | Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact | Supply Chain | Analysis of the Shai-Hulud 2.0 supply chain attack reveals its extended activity compared to prior worms, with continued repository creation and infection spikes. The attack primarily targeted Linux containers within CI/CD environments, with GitHub Actions being the leading platform. Key infection vectors identified include the @postman/tunnel-agent and @asyncapi/specs packages. Despite an intended focus on cloud secrets, exfiltration data suggests a bug prevented cloud secret extraction, though thousands of critical secrets were still compromised through methods like TruffleHog, impacting hundreds of companies.
2026-06-12 | 2026 | React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability | RCE | Library for detecting and mitigating React2Shell (CVE-2025-55182), a critical RCE vulnerability in React Server Components and Next.js exploiting insecure deserialization. This unauthenticated flaw, affecting default configurations, allows crafted HTTP requests to influence server-side execution. Exploitation has been observed in the wild by Wiz, Amazon, and Datadog, with post-exploitation activity including credential harvesting and cryptomining. Immediate patching is required, as hardened releases for React and Next.js are available.
2026-06-12 | 2026 | React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182 | RCE | Writeup of CVE-2025-55182 "React2Shell," detailing its exploit mechanics and observed in-the-wild attacks. The vulnerability, an improper input deserialization flaw in React Server Components, allows arbitrary code execution on the server. The analysis highlights exploitation in Next.js, Waku, and Vite, with observed attacks including credential harvesting, cloud metadata access, cryptominer deployment, and the use of Sliver implants for persistent backdoors, including a fileless backdoor achieved by monkey-patching Node.js.
2026-06-12 | 2026 | Code to Cloud Attacks: From Github PAT to Cloud Control Plane | Secrets, Supply Chain | Library detailing attack flows where threat actors leverage compromised GitHub Personal Access Tokens (PATs) to gain initial access to cloud environments. It covers observed malicious techniques including secret discovery via code search API, execution of arbitrary code through GitHub Actions to exfiltrate credentials, and defense evasion via log deletion. The library also highlights lateral movement into cloud service provider control planes and supply-chain attack vectors like the tj-actions/changed-files compromise.
2026-06-12 | 2026 | Gogs 0-Day Exploited in the Wild | RCE | Analysis of CVE-2025-8110, a zero-day RCE in Gogs exploited in the wild, reveals a symlink bypass of a previous vulnerability (CVE-2024-55947). This flaw allows authenticated users to overwrite files outside the repository by exploiting Gogs' handling of symbolic links within its API, leading to arbitrary command execution. Over 700 compromised instances were identified, with attackers using the Supershell framework for C2 communication. Gogs version v0.13.4 addresses this issue.
2026-06-12 | 2026 | Bringing Oracle Cloud Identity to Wiz | AuthZ | Library support for Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) provides unified visibility across OCI, AWS, Azure, and GCP. It normalizes OCI's Identity Domains, Compartments, and natural-language policies into Wiz's security graph, allowing analysis of users, groups, service principals, access paths, and OCI API keys. This enables consistent cross-cloud controls and threat analysis by mapping OCI constructs like resource types and permissions to Wiz objects and access types.
2026-06-12 | 2026 | From MCP to Vibe Coding: Full Endpoint Visibility in Wiz AI Security | AI | Library for full endpoint visibility in AI Security, powered by Wiz Attack Surface Scanner. It surfaces live, validated AI endpoints including Vibe Coding, AI Pipelines, AI as a Service, AI Frameworks & Toolkits, AI Models, AI Security, and MCP Endpoints. The library ties these into the Security Graph to show data, identities, and workloads, enabling direct exploration, tracing to underlying workloads, and end-to-end response from discovery to remediation. It aligns with security best practices like OWASP Top 10 for LLMs.
2026-06-11 | 2026 | Snipping the Long Tail of Shai-Hulud 2.0 | Secrets | Analysis of the Shai-Hulud 2.0 worm reveals its persistence through mechanisms like private registries, cached packages, and a lingering OpenVSX IDE extension (asyncapi-preview v1.0.1). This "long tail" of infections impacted over ⅓ of the Fortune 100, with leaked credentials remaining valid, potentially linking to the Trust Wallet $7M exploit due to shared exfiltrated GitHub and Web Store credentials, and similar naming conventions. Wiz Research "snipped the tail" by coordinating a clean OpenVSX extension update.
2026-06-11 | 2026 | CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild | RCE, Supply Chain | Tool for infiltrating the AWS Console supply chain, CodeBreach exploits a CodeBuild misconfiguration, allowing unauthenticated attackers to hijack key AWS GitHub repositories, including the JavaScript SDK. This vulnerability, stemming from unanchored regex filters in build triggers, could lead to platform-wide compromise by enabling malicious code injection. Mitigations include securing CodeBuild-GitHub connections with fine-grained tokens and ensuring anchored regex patterns for webhook filters.
2026-06-11 | 2026 | Agentic Browser Security: 2025 Year-End Review | AI, Mobile | Survey of Agentic Browser security, detailing 2025's advancements and risks. This review covers offensive research including Zero-Interaction Exfiltration, Scamlexity, Gemini Trifecta, CometJacking, Tainted Memories, HashJack, and Task Injection. Defensive strategies like Human-in-the-Loop (HITL), Reinforcement Learning, Architectural Isolation, and Secondary LLM Critics are examined, alongside Gartner's recommendation to block AI browsers and Wiz's advice on isolation, human oversight, and limiting blast radius.
2026-06-11 | 2026 | Introducing SITF: The First Threat Framework Dedicated to SDLC Infrastructure | Supply Chain | Framework for modeling and mitigating SDLC infrastructure attacks, SITF categorizes over 70 techniques across Endpoint/IDE, VCS, CI/CD, Registry, and Production pillars. It visualizes attack flows, decomposes events into Risk -> Technique -> Control causal chains, and provides a controls matrix prioritized by attack stage. SITF was developed in response to escalating attacks like the Ultralytics hijack, Shai-Hulud, and the TrustWallet compromise, addressing gaps in existing frameworks like MITRE ATT&CK and OWASP CI/CD Top 10 for infrastructure-centric threat modeling.
2026-06-11 | 2026 | AI-Powered Forensics, at Cloud Speed | AI | Tool for AI-powered cloud forensics, Wiz provides a tiered approach to forensic visibility. It automatically captures targeted, full-context evidence from affected containers and hosts when suspicious activity is detected, then uses AI to analyze this data, surfacing clear conclusions to aid in rapid threat triage and investigation by SOC and DFIR teams.
2026-06-11 | 2026 | AI Agents vs Humans: Who Wins at Web Hacking in 2026? | AI, Bug Bounty | Survey comparing AI agents (Claude Sonnet 4.5, GPT-5, Gemini 2.5 Pro) to humans for web hacking tasks. The study found AI agents excel at directed challenges, solving 9 of 10 lab environments modeled after real-world vulnerabilities like SSRF and authentication bypass. However, performance and cost-effectiveness degrade significantly in broader, less directed scenarios, where they struggle with prioritization and deep investigation. While AI demonstrates strong pattern recognition and multi-step reasoning, it lacks the creative problem-solving and tool utilization of human testers, particularly in discovering vulnerabilities like exposed directories or secret exposure in public repositories.
2026-06-11 | 2026 | Hacking Moltbook: The AI Social Network Any Human Can Control | AI, API Sec, Secrets | Writeup on a Supabase misconfiguration in the AI social network Moltbook, which exposed 1.5 million API authentication tokens, 35,000 email addresses, and private messages. The vulnerability stemmed from a lack of Row Level Security (RLS) on the Supabase database, allowing unauthenticated read and write access to sensitive data, including account takeover credentials and plaintext API keys. This incident highlights security risks in "vibe-coded" applications, drawing parallels to previous issues like the DeepSeek data leak.
2026-06-11 | 2026 | Building AI Security Together: New Ways to Partner with Wiz for AI Security in 2026 | AI | Framework for AI Security integrates the Wiz Integration Network (WIN) with new AI capabilities. It introduces the WIN MCP, a standardized integration framework providing in-IDE access to Wiz APIs for faster, more secure development of plugins and custom workflows. Winnie, the WIN Community Wizard Agent, further accelerates builders by providing quick answers and documentation navigation within the WIN developer Slack community. These tools reduce friction for building secure, high-quality integrations, bolstering the new AI Security category within WIN, which includes AI Security Posture Management, runtime guardrails, agentic AI security, adversarial testing, and governance.
2026-06-11 | 2026 | Wiz + Spotify Backstage: Security at the Developer’s Desk | Secrets | Plugin for Spotify Backstage that integrates Wiz Issues and Vulnerabilities, mapping Wiz Projects to Backstage components. Developers can search findings by rule, resource, or CVE, view vulnerability counts and severity, and seamlessly jump into Wiz for deeper investigation and remediation, bringing security context directly to the developer's workflow.
2026-06-11 | 2026 | Introducing AI Cyber Model Arena: A Real-World Benchmark for AI Agents in Cybersecurity | AI, API Sec | Benchmark suite of 257 real-world challenges assessing AI agents across zero-day discovery, CVE detection, API security, web security, and cloud security (AWS, Azure, GCP, Kubernetes). The AI Cyber Model Arena evaluates AI models' offensive capabilities, separating agent and model effects with a multi-agent x multi-model matrix. Scoring uses deterministic rubrics and pass@3, with challenges run in isolated Docker containers to ensure fairness and realism. Results highlight that offensive capability is jointly determined by model and agent scaffold, with performance varying significantly across domains.
2026-06-11 | 2026 | From Detection to Remediation: It’s Time to Rethink AppSec Around Exploitability and Root Cause Fixes | API Sec, Bug Bounty | Tool that connects validated runtime vulnerabilities to source code, enabling root cause fixes. It traces issues from the Wiz Attack Surface Scanner (ASM) and Wiz Code's SCA scanner through a Code-to-Cloud Pipeline, showing lineage from source to runtime. Features include one-click pull request generation and AI assistance for remediation guidance via Mika AI. The tool also consolidates vulnerabilities by their source-mapped code finding to address security debt and improve posture.
2026-06-11 | 2026 | Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs | AI, AuthN | Tool for detecting malicious Azure OAuth applications, leveraging insights from homoglyph attacks and analysis of real-world campaigns. This pipeline identifies suspicious applications by comparing their characteristics against a baseline of legitimate integrations, flagging deviations in publisher verification, homepage URLs, and application owner domains. The research highlights common gaps in Azure service principal management and the risk of consent fatigue, leading to potential privilege escalation and persistent access for attackers.
2026-06-10 | 2026 | Building an Agentic Cloud Security Ecosystem: A Reference Architecture with Wiz MCP and Infosys Cyber Next | AI | Reference architecture detailing an agentic cloud security ecosystem, leveraging Wiz MCP and Infosys Cyber Next. This model uses intelligent agents for detection, investigation, and remediation, powered by the Wiz Security Graph's contextual data. It highlights the Wiz Remote MCP Server as a key enabler for AI-driven workflows and illustrates an intelligent S3 remediation scenario involving discovery, investigation, and human-approved remediation agent actions.
2026-06-10 | 2026 | Security Insights Where Work Happens: Notion Custom Agents + Wiz MCP | AI, AuthZ | Integration that connects Wiz cloud security insights with Notion Custom Agents, enabling AI teammates to answer security questions, generate reports, and investigate risks directly within Notion workspaces. This allows teams to access cloud security context where they collaborate, using features like the Wiz Cloud Questioner to query their environment and the Wiz Vulnerability Summarizer to automate security reporting, bringing actionable insights into everyday workflows.
2026-06-10 | 2026 | Seeing AI Clearly: Building Visibility Across Modern AI Applications | AI | Library for building visibility across modern AI applications, offering an implementation-agnostic approach to discover and inventory AI systems. It combines code analysis, agentless cloud detection, AI workload explanation, model invocation logs, and runtime signals to provide a unified view of AI components, including models, agents, tools, guardrails, identities, and AI tool adoption. This comprehensive visibility is foundational for understanding AI construction, ownership, and enabling subsequent security measures like posture risk assessment and threat detection.
2026-06-10 | 2026 | Understanding and Reducing AI Risk in Modern Applications | AI | Library for identifying and mitigating risks in AI applications. It analyzes AI systems across infrastructure, models, data, and application layers, detecting vulnerabilities stemming from component interactions. The library helps pinpoint risks like prompt injection, insecure tool usage, embedded credentials, and misconfigured AI platforms, offering comprehensive visibility to prevent insecure AI systems from reaching production and ensure correct protections are in place.
2026-06-10 | 2026 | Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack | Supply Chain | Library detailing the "TeamPCP" supply chain attack that compromised Aqua Security's Trivy vulnerability scanner and related GitHub Actions. The attack involved injecting credential-stealing malware into official releases and workflows, leading to the exfiltration of secrets via typosquatted domains and fallback repository mechanisms. Threat actors also leveraged stolen publish tokens for npm ecosystem compromise and deployed iterative payloads. Organizations should audit Trivy versions and GitHub Action references, and consider pinning actions to full SHA hashes for long-term hardening.
2026-06-10 | 2026 | AI Runtime Threat Detection: From Input to Real-World Impact | AI | Library for AI runtime threat detection that monitors behavior across the model, workload, and cloud layers, correlating activity from input to real-world impact. It moves beyond basic prompt filtering to detect when AI agents take risky or malicious actions, even with benign-looking prompts. By applying AI context, it transforms raw signals into actionable understanding, linking runtime events to their originating code or configuration for faster root cause analysis and remediation. The library's approach provides visibility into complex attack chains, such as those involving prompt injection leading to reverse shells and credential exfiltration.
2026-06-10 | 2026 | Introducing Wiz Agents & Workflows: Security at the Speed of AI | AI, AuthZ | Library introducing Wiz Agents and Workflows, AI-powered security systems that reason, investigate, and take action across code, cloud, and runtime. The Red Agent functions as an AI attacker identifying logic-driven vulnerabilities, the Blue Agent acts as a threat investigator by gathering evidence, and the Green Agent drives remediation by pinpointing root causes and providing actionable fixes. Integrated into Workflows, these agents orchestrate automated responses and human-approved actions, streamlining security operations from discovery to resolution.
2026-06-10 | 2026 | Introducing Wiz AI Application Protection Platform (AI-APP) | AI | Platform that secures AI applications end-to-end, connecting infrastructure, data, access, models, agents, and applications from code to runtime. It builds a complete AI inventory, maps cross-layer risk correlated with frameworks like OWASP Top 10 for LLM Applications, and provides runtime threat detection across model activity, workload execution, and the cloud layer. Integrations with Cloudflare, TrojAI, and Pillar Security enrich findings with cloud context, enabling teams to prioritize exploitable risks and drive remediation through agents that identify risk, determine fixes, and investigate threats.
2026-06-10 | 2026 | Introducing the Wiz Red Agent- AI-Powered Attacker | AI | Library for AI-powered attack surface management, the Wiz Red Agent, autonomously discovers and validates complex exploitable risks across cloud environments and proprietary APIs. It leverages deep cloud context, world-class attacker expertise, and adaptive, reasoning-based exploitation to uncover vulnerabilities missed by traditional scanning and manual research, including authorization flaws and business logic errors. The Red Agent integrates with the Wiz platform to correlate application-layer risks with cloud infrastructure, enabling better prioritization and remediation guidance.
2026-06-10 | 2026 | KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack | Secrets, Supply Chain | Writeup detailing a supply chain attack on the Checkmarx KICS GitHub Action by TeamPCP, compromising 35 tags and distributing credential-stealing malware via a `setup.sh` script. The attack, similar to the Trivy incident, leverages compromised identities and hardcoded RSA keys, with a new Kubernetes persistence mechanism for follow-on operations. The malware exfiltrates secrets from environment variables, runner memory, AWS metadata, and the Kubernetes API, encrypting them and uploading them to GitHub repositories or attacker-controlled domains.
2026-06-10 | 2026 | Three’s a Crowd: TeamPCP trojanizes LiteLLM in Continuation of Campaign | Python, Secrets, Supply Chain | Writeup detailing the TeamPCP campaign's exploitation of LiteLLM, specifically versions 1.82.7 and 1.82.8, which utilized Python's .pth mechanism for stealthy code execution. This attack, building on prior compromises of Trivy and Checkmarx GitHub Actions, exfiltrates cloud credentials, CI/CD secrets, and various keys to attacker-controlled domains, posing a significant risk to environments utilizing the LiteLLM library.
2026-06-10 | 2026 | Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild | Secrets, Supply Chain | Analysis of TeamPCP supply chain attacks, including compromises of Trivy, KICS, and LiteLLM. The campaign deploys malware that harvests cloud credentials and secrets, using tools like TruffleHog for validation. Post-compromise activities involve extensive enumeration of AWS services, abuse of GitHub workflows (potentially via Nord Stream), and ECS Exec for code execution and data exfiltration. The threat actor prioritizes speed and volume, utilizing Mullvad VPN and InterServer hosts.
2026-06-10 | 2026 | Axios NPM Distribution Compromised in Supply Chain Attack | Supply Chain | Analysis of the Axios NPM supply chain attack, where compromised maintainer accounts led to malicious versions (v1.14.1, v0.30.4) introducing the `plain-crypto-js` dependency. This attack, tracked as GHSA-fw8c-xr5c-95f9 and MAL-2026-2306, involved payloads downloading RATs from sfrclak.com:8000, capable of remote shell execution and system reconnaissance across macOS, Windows, and Linux.
2026-06-10 | 2026 | AI Threat Readiness Pillar 2: Accelerate Patching and Response | AI | Library for accelerating patching and response in AI threat readiness, this resource details how to establish clear ownership, identify root causes across cloud configuration to source code, determine optimal fix paths with environment-specific context, and automate remediation workflows. It highlights Wiz's Green Agent for tracing vulnerabilities to their source and recommending the most efficient fix, alongside Wiz Workflows for orchestrating the entire remediation chain and shifting fixes left to prevent recurrence.
2026-06-09 | 2026 | Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign | Supply Chain | Analysis of the prt-scan campaign details an AI-powered actor exploiting GitHub's pull_request_target workflow trigger. The attacker opened over 500 malicious PRs across six waves, compromising at least two npm packages. Payloads evolved from bash scripts to AI-generated, language-aware wrappers, attempting to steal GitHub tokens, enumerate secrets, and exfiltrate credentials. Despite elaborate multi-phase payloads, the attack revealed fundamental misunderstandings of GitHub's threat model, limiting overall success but highlighting the growing threat of AI-assisted supply chain attacks.
2026-06-09 | 2026 | Cloud Threats Retrospective 2026: What AI Changed (and What It Didn’t) | AI | Analysis of 2025 cloud incidents reveals that well-known weaknesses, including vulnerabilities, exposed secrets, and misconfigurations, still drive 80% of initial access, despite the evolving cloud landscape. AI did not introduce new risk categories but expanded the attack surface by increasing opportunities for familiar risks near sensitive data. AI primarily accelerated existing attacker workflows like reconnaissance and post-access activities, and campaigns like hackerbot-claw and the compromised axios npm releases underscore the continued threat.
2026-06-09 2026Claude Mythos: Preparing for a World Where AI Finds and Exploits Vulnerabilities Faster Than EverAIRCEAnalysis of Anthropic's Claude Mythos, an AI model capable of autonomously discovering zero-day vulnerabilities and generating exploits. This capability signals a future where AI-driven vulnerability research accelerates, leading to more CVEs in the short term and necessitating an AI-focused AppSec program for defense in the medium-to-long term. The trend suggests attackers will leverage AI, requiring defenders to adapt by integrating AI into security tooling and workflows to proactively identify and remediate flaws.
2026-06-09 2026Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2)ReconSupply ChainLibrary detailing GitHub Actions security, this entry explains the threat model and three main risks including pull request pwnage and script injection. It analyzes common misconfigurations, such as the dangerous `pull_request_target` trigger, and examines their manifestation in real-world attacks like the Trivy supply chain breach. Defensive playbooks and strategies for mitigating these vulnerabilities are provided.
2026-06-09 2026Securing the AI Edge: Wiz and Cloudflare Integrate for End-to-End AI ProtectionAIAPI SecLibrary integrating Wiz and Cloudflare for end-to-end AI application security, offering unified visibility into AI endpoints and DNS exposure. It maps AI workloads to infrastructure and identifies sensitive data risks, extending visibility to edge protections like Cloudflare. This allows detection of threats such as prompt injection and shadow AI, enabling teams to secure exposed AI services and validate continuous guardrail protection.
2026-06-09 2026How to Harden GitHub Actions: An Updated GuideReconSupply ChainLibrary updating a guide to GitHub Actions security, detailing threats like cascading compromises from the tj-actions incident and credential exfiltration via poisoned dependencies such as the TeamPCP Trivy-action compromise and the malicious Axios npm releases. It covers hardening GitHub organization settings, including read-only default workflow permissions and allowlisting verified actions with SHA pinning, alongside branch protection rules and secure secrets management across repository, organization, and environment levels. The guide also emphasizes Immutable Releases for action maintainers to prevent tag-rewriting attacks.
2026-06-09 2026Securing AI Applications From Inception to DeploymentAIRCELibrary extending Wiz AI-APP to the code layer, Wiz Code integrates with IDEs and the CLI to detect AI-specific risks during development. It validates exploitability at runtime using an AI attacker, Red Agent, then automates remediation with Green Agent, generating context-aware fixes and delegating tasks to coding agents. This unified approach aligns with OWASP Top 10 for LLM Applications 2025 and Agentic Applications 2026, securing the entire AI application lifecycle from inception to production.
2026-06-09 2026IaC Inventory: A Unified View Across Code, Deployments, and CloudAILibrary for Infrastructure-as-Code (IaC) security, offering unified visibility across code, deployments, and cloud resources. It connects IaC modules to deployed resources, enabling instant risk scoping for AI workloads like Bedrock Agents and Guardrails. The tool supports Pulumi, Terraform, CloudFormation, and Bicep, catching misconfigurations pre-deployment and facilitating precise remediation by mapping issues back to the source code.
2026-06-09 2026From Code to Pipeline: Wiz Code Now Secures Your Build EnvironmentSupply ChainLibrary for securing CI/CD pipelines, Wiz Code now detects risks associated with AI agents, including prompt injection vulnerabilities in platforms like GitHub Actions. It models workflows, jobs, and runners, identifying dangerous triggers like `pull_request_target` and excessive permissions. The library extends composition analysis to CI, providing a CI-BOM for third-party actions and associating audit log events with specific pipeline contexts to offer unified visibility into traditional misconfigurations and AI-driven threats.
2026-06-09 2026Context.ai OAuth Token CompromiseAuthNSupply ChainAnalysis of the Context.ai OAuth Token Compromise highlights a supply chain attack vector where compromised tokens for the AI tool enabled access to downstream SaaS platforms like Vercel. Attackers leveraged broad OAuth permissions to access Google Workspace, exemplifying a broader trend of abusing trusted third-party integrations. The analysis details detection methods across Google Workspace, Azure AD, and Okta, alongside investigation steps for affected accounts and user activity, and emphasizes revoking access and rotating credentials to mitigate risks.
2026-06-09 2026Mapping Your API Ecosystem: Wiz Expands API Discovery with ApigeeAPI SecLibrary integrating Google Cloud Apigee into the Wiz Security Graph. This integration discovers and maps Apigee architectures, including gateways, environments, proxies, and endpoints, connecting them to broader cloud infrastructure. It analyzes authorization schemes like OAuth, API Key, Bearer, Basic Auth, SAML, and HMAC, identifying unauthenticated endpoints and their associated risks. By visualizing API exposure alongside cloud workloads and data stores, it provides critical context for vulnerability management, application security, and leadership to prioritize risks effectively.
2026-06-09 2026Closing the Security Gap in the Age of Agentic CodingAILibrary for real-time scanning and fixing of AI-generated code within AI-native IDEs and copilots. Wiz Code plugins and skills, powered by the Wiz MCP server and WizCLI, integrate Wiz's security knowledge, enabling developers to catch and fix issues like hardcoded secrets, IaC misconfigurations, vulnerable dependencies, and malware at inception. The Green Agent facilitates rapid, context-aware remediation, allowing security teams to trigger fixes and developers to resolve issues directly in their IDEs, supporting secure development in the age of agentic coding.
2026-06-09 2026Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)RCEWriteup of CVE-2026-3854, an RCE vulnerability in GitHub's git infrastructure, identified by Wiz Research. The flaw in the X-Stat header parsing allowed authenticated users to execute arbitrary commands on backend servers via a crafted git push. Exploitation leverages injection of fields like `rails_env`, `custom_hooks_dir`, and `repo_pre_receive_hooks` to bypass sandboxing and achieve command execution. This impacts both GitHub.com and GitHub Enterprise Server, with immediate patching recommended for GHES customers.
2026-06-09 2026Wiz Code Week Recap: Securing AI Native DevelopmentAILibrary for securing AI-native development, Wiz Code offers visibility into AI frameworks like Gemini Code Assist and GitHub Copilot via an AI-BOM. It integrates security guardrails directly into IDEs with Wiz Code plugins for Cursor and Claude Code, catching issues like hardcoded secrets and prompt injection before code commits. Remediation is streamlined with Wiz Skills, allowing coding agents to apply fixes, and CI/CD pipelines are secured by modeling them as assets, identifying dangerous configurations and surfacing findings from a CI-BOM.
2026-06-09 2026Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing MalwareSecretsSupply ChainLibrary for detecting supply chain attacks targeting SAP npm packages, specifically the "Mini Shai Hulud" campaign by TeamPCP. It details how malicious preinstall scripts in packages like `@cap-js/sqlite` and `@cap-js/postgres` execute obfuscated payloads. These payloads steal credentials from developer environments and CI/CD pipelines, targeting GitHub, npm, cloud providers, Kubernetes, and HashiCorp Vault. Exfiltration occurs via attacker-controlled GitHub repositories, with fallback mechanisms leveraging specific commit messages and GitHub GraphQL API. The malware also includes browser credential theft and propagation logic, with a region guardrail that terminates execution on Russian systems.
2026-06-09 2026Key Takeaways from the 2026 State of AI in the Cloud ReportAISurvey of AI security in cloud environments, detailing how AI has become foundational infrastructure. The 2026 State of AI in the Cloud report finds that 81% of cloud environments use managed AI services, 90% run self-hosted AI, and 68% ingest models via third-party software. AI-assisted development is now the default, and 20% of organizations using AI platforms show systemic weaknesses as a result. Autonomous agents and MCP servers expand the attack surface and open paths for lateral movement. AI lowers the cost of exploitation by accelerating discovery and exploit development, seen in malware that generates commands dynamically and in attackers abusing OAuth grants to AI-enabled tools. The report also covers AI-assisted zero-day discovery, exemplified by Anthropic's Claude Mythos.
2026-06-09 2026The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2)AISupply ChainAnalysis of AI-powered GitHub Actions reveals critical weaknesses: bypasses of non-default configurations that let external attackers trigger AI execution, and a novel secret exfiltration vector targeting credential files created dynamically at job time, such as those written by `google-github-actions/auth@v2`. Widespread misconfigurations affect numerous repositories, compounded by prompt injection risks and a confused deputy bypass in which attackers leverage `dependabot` to impersonate trusted actors.
2026-06-08 2026Copy Fail: Universal Linux Local Privilege Escalation VulnerabilityAuthZWriteup on CVE-2026-31431, a Linux kernel vulnerability dubbed "Copy Fail," allowing unprivileged local users to escalate to root. Discovered by Xint, it affects nearly all Linux kernels since 2017 due to a logic flaw in the AEAD crypto implementation, enabling attackers to overwrite the file page cache and inject code into binaries like `/usr/bin/su`. Mitigation involves kernel updates or blocking AF_ALG socket creation (the userspace interface to the kernel crypto API) via seccomp. Detection can involve correlating AF_ALG module loading with other suspicious signals or monitoring for malformed `auth.log` entries produced by corrupted `su` binaries.
2026-06-08 2026Practical Package Security: The Unofficial GuideSupply ChainGuide on practical package security, this resource addresses risks in third-party package consumption. It details mitigations like minimizing dependencies, adopting cooldown periods for updates, utilizing lockfiles and hashes, employing wrapper tools, and restricting install-time execution. Organizational controls include protecting execution environments with remote developer environments and zero trust production, and controlling installations via registry pull-through proxies or curated registries. Examples like TeamPCP / Trivy-action and Axios supply chain compromises highlight the urgency of these practices.
2026-06-08 2026Introducing Penetration Test Findings: Unified Offensive Security in WizBug BountyTool for unifying penetration test findings from HackerOne, third-party audits, internal exercises, and AI assessments like Mythos and Claude. It leverages the Wiz Security Graph to enrich findings with cloud context, automate ownership mapping, and facilitate AI-powered triage and remediation guidance through Mika AI and the Green Agent.
2026-06-08 2026Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-WildAuthNRCECVE-2026-0300 is a critical buffer overflow vulnerability in Palo Alto Networks PAN-OS's User-ID Authentication Portal, allowing unauthenticated remote code execution with root privileges. Actively exploited in the wild, the flaw requires only network access and is particularly dangerous when the portal is exposed externally on ports 6081 or 6082. Recommended mitigations include patching, restricting portal access, and disabling it if not needed.
2026-06-08 2026The Jenkins Threat LandscapeSupply ChainLibrary that details the Jenkins threat landscape, focusing on core vulnerabilities, the plugin ecosystem, and common misconfigurations. It highlights that most compromises exploit insecure usage patterns and weak access controls, rather than novel software flaws. Observed attack flows leverage exposed Jenkins instances for script execution, abuse CI/CD pipelines for secret extraction, and exploit plugin/core vulnerabilities, often chaining these techniques for broad environment compromise.
2026-06-08 2026Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPCAuthZWriteup of "Dirty Frag," a Linux kernel local privilege escalation vulnerability chain (CVE-2026-43284, CVE-2026-43500), exploiting flaws in the ESP and RxRPC subsystems. This deterministic vulnerability, a successor to Copy Fail (CVE-2026-31431), allows root privilege escalation by corrupting page-cache memory. Exploitation typically requires CAP_NET_ADMIN privileges, making it less likely in hardened containers but a significant risk for VMs. Affected code paths date back to 2017 for ESP and 2023 for RxRPC, impacting a wide range of kernel versions.
2026-06-08 2026A Framework for AI Threat ReadinessAIFramework for AI Threat Readiness, a structured approach to managing evolving security risks, emphasizes speed of action and breadth of visibility. It details strategies for eliminating critical risks, reducing exposure through AI-driven analysis, and accelerating patching and response times. The framework highlights the need for continuous discovery and mapping of internet-facing assets, exposure control, AI-driven risk validation, and established remediation processes, all crucial as AI models accelerate vulnerability discovery and exploitation.
2026-06-08 2026Mini Shai-Hulud Strikes Again: TanStack + more npm Packages CompromisedSupply ChainThe Mini Shai-Hulud campaign has compromised several more npm packages, including those within the TanStack ecosystem, in a supply chain attack that specifically targets developer tooling. The entry advises developers on detecting and removing the malicious package versions from their environments.
2026-06-08 2026Fragnesia: Linux Kernel Local Privilege Escalation via ESP-in-TCPAuthZWriteup of Fragnesia, a Linux kernel local privilege escalation in the XFRM ESP-in-TCP subsystem. A variant of Dirty Frag, it allows unprivileged local attackers to modify read-only file contents in the kernel page cache and gain root through deterministic page-cache corruption. The exploit manipulates the AES-GCM keystream during decryption to overwrite critical binaries like `/usr/bin/su` with an ELF payload, yielding a root shell. Recommended mitigation is applying vendor kernel patches or disabling the vulnerable modules.
2026-06-08 2026Beyond Findings: Connecting Exploitable Risk to Cloud Context with Wiz and HackerOneBug BountyIntegration connecting HackerOne findings to Wiz, enriching exploitability data with cloud context on the Wiz Security Graph. This partnership allows security teams to visualize the full blast radius of vulnerabilities, understand pivot paths to sensitive data, and prioritize remediation effectively by mapping infrastructure, identities, and data flows. Pen test and bug bounty program managers can continue their workflows in HackerOne while security teams gain cloud-enriched visibility within Wiz to accelerate incident response and compliance.
2026-06-08 2026The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest WaveSecretsSupply ChainAnalysis of the "MiniShaiHulud" campaign details a sophisticated software supply chain attack attributed to "TeamPCP." The campaign targeted npm packages, GitHub Actions, and a VSCode extension, with malware designed to steal credentials like GitHub tokens and SSH keys, and establish persistence via a Python backdoor. Malicious payloads were concealed in orphaned GitHub commits, and exfiltration occurred through attacker-generated repositories with the description "niagA oG eW ereH :duluH-iahS." The backdoor communicates using the trigger "firedalazer."
2026-06-08 2026durabletask: TeamPCP's Latest PyPi CompromisePythonSupply ChainAnalysis of the TeamPCP supply chain attack details the compromise of Microsoft's official Python client, durabletask, specifically versions 1.4.1, 1.4.2, and 1.4.3. The attack leveraged compromised GitHub credentials to exfiltrate PyPI tokens and publish malicious code, targeting Microsoft's `durabletask-python` repository. Remediation steps include identifying exposure via lockfiles and CI logs, checking for persistence markers like `~/.cache/.sys-update-check`, rotating all credentials, auditing AWS SSM and Kubernetes activity, reviewing password manager sessions, and blocking C2 infrastructure.
2026-06-08 2026Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development InfrastructureSupply ChainWriteup on JINX-0164, a threat actor targeting cryptocurrency organizations with social engineering via LinkedIn, custom macOS malware like AUDIOFIX, and CI/CD infrastructure hijacking. The actor leverages credential theft from endpoints, impersonates developers in Git commits, and injects malicious code into repositories to achieve lateral movement and execute supply chain attacks, such as with the `@velora-dex/sdk` package on npm.
2026-06-08 2026Evidence at the Moment of Attack. Answers at AI Speed.AILibrary for automated cloud security investigations, Wiz Forensics captures forensic artifacts at the moment of detection. This addresses the challenge of ephemeral cloud workloads and fileless attacks by collecting data like script executions, process trees, and memory payloads before they disappear. AI analysis of these collected artifacts accelerates investigation for SOC and IR teams, transforming raw data into actionable insights and confident verdicts on threats like SQL injection, data exfiltration, and multi-stage attacks, as seen with the Soco404 campaign and JINX-0164.
2026-06-08 2026Miasma: Supply Chain Attack Targeting RedHat npm PackagesSupply ChainAnalysis of the Miasma campaign reveals a supply chain attack targeting @redhat-cloud-services npm packages, with over 32 releases containing unauthorized modifications. The malware, derived from TeamPCP's Mini Shai-Hulud, uses obfuscated JavaScript payloads and installation-time execution via preinstall scripts. It focuses on extracting cloud identities from GCP and Azure, generating unique encrypted payloads per infection, and was injected via a compromised Red Hat employee GitHub account. Security teams should investigate developer environments, audit for affected packages and GitHub Actions, rotate credentials, and strengthen supply chain defenses through allowlisting, SBOM generation, and improved monitoring.
2026-06-08 2026Eliminate Critical API Attack Paths with Wiz API SPMAPI SecTool Wiz API SPM is now generally available, helping organizations discover APIs, assess exploitability through techniques like Red Agent testing for OWASP API Top 10 vulnerabilities, and prioritize remediation by identifying toxic combinations. It integrates API findings with cloud security context via the Wiz Security Graph, providing a unified view to pinpoint critical attack paths, such as an internet-accessible API with SQL injection leading to PII, and offers actionable guidance for efficient resolution and automated remediation workflows.
2026-06-08 2026AI Threat Readiness Pillar 1: Reduce Critical Exposures & Scan with AIAILibrary for AI-powered application security scanning. It focuses on reducing critical exposures by providing unified visibility across cloud, SaaS, and AI environments. The library employs techniques like Attack Surface Management (ASM) and an AI attacker emulation tool, "Red Agent," to identify and validate exploitable risks, including authorization flaws, business logic weaknesses, and complex API attack chains. It correlates external findings with internal environmental context to prioritize based on business impact and leverages an "AI remediator," "Green Agent," for context-aware guidance and workflow automation.
2026-06-01 2026Eliminate Critical API Attack Paths with Wiz API SPMAPI SecLibrary for continuous, agentless API discovery across AWS, Azure, and GCP environments. It assesses API exploitability by simulating attacker techniques, identifying "toxic combinations" where exposed APIs lead to sensitive data compromise. The library prioritizes remediation efforts and offers actionable guidance, even supporting automated workflows like triggering Terraform patches. It integrates API and cloud security context within a Security Graph, revealing attack paths and risks like SQL injection vulnerabilities or Broken Object Level Authorization.
2026-06-01 2026Miasma: Supply Chain Attack Targeting RedHat npm PackagesSupply ChainAnalysis of Miasma details a supply chain attack targeting @redhat-cloud-services npm packages, compromising at least 32 releases. The attack involved unauthorized code modifications, obfuscated JavaScript payloads using eval() and ROT-based decoding, and new data collectors for GCP and Azure identities. This variant, similar to TeamPCP's (Mini) Shai-Hulud malware, employs unique encrypted payloads per infection. The root cause appears to be a compromised Red Hat employee GitHub account that injected malware via orphan commits and manipulated GitHub Actions to publish packages with valid SLSA provenance attestations.
2026-05-23 2026AI Security Solutions In 2026: Tools To Secure AIAIPlatform for AI security posture management (AI-SPM) that provides centralized visibility and risk assessment across the AI lifecycle, from development to runtime. It maps your AI estate using a security graph to detect and prioritize risks like model exposure and prompt injection, addressing threats such as shadow AI, data poisoning, and over-permissioned agents. The platform secures infrastructure, governs training data, restricts agent permissions, and monitors live model behavior for anomalies, with Wiz AI-SPM being a leading solution for comprehensive AI security.
2026-05-19 2026The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest WaveSupply ChainAnalysis of a coordinated software supply chain attack reveals malware targeting NPM packages within the @antv namespace, GitHub Actions like actions-cool/issues-helper, and the VSCode extension nrwl.angular-console v18.95.0. The campaign, attributed to "TeamPCP", leverages orphaned GitHub commits for payload hosting and uses `bun` for execution, stealing credentials and establishing persistence via a Python backdoor at `~/.local/share/kitty/cat.py`. The backdoor uses the trigger `firedalazer` for C2 communication, executing remote Python code.
2026-05-19 20267 Serious AI Security Risks and How to Mitigate ThemAILibrary addressing AI security risks including prompt injection attacks and data leaks. It details mitigations for limited testing, lack of explainability, data breaches, adversarial attacks, bias, and supply chain risks, highlighting techniques like adversarial training, interpretable models, encryption, differential privacy, ensemble methods, and bias audits. The resource also notes how LLMs enable attackers to work faster, create convincing deceptions, operate more independently, and discover new vulnerabilities, impacting systems like Slack AI.
2026-05-12 20267 AI Security Tools to Prepare You for Every Attack PhaseAILibrary for hardening machine learning models against adversarial threats, the Adversarial Robustness Toolbox (ART) offers Python modules for assessing, defending, and verifying security. It supports 39 attack and 29 defense modules across major ML frameworks like TensorFlow and PyTorch, handling various data modalities. ART provides robustness metrics for objective resilience reporting, best suited for ML researchers and security engineers focused on adversarial attack simulation and model hardening during development.
2026-05-06 2026Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-WildRCEWriteup of CVE-2026-0300, a critical buffer overflow in Palo Alto Networks PAN-OS, allowing unauthenticated attackers remote code execution with root privileges. The vulnerability targets the User-ID Authentication Portal service, particularly when exposed to untrusted networks or the public internet. Exploitation risk is high for instances accessible externally via ports 6081 or 6082. Immediate patching, access restriction, or disabling the portal are recommended mitigation steps.
2026-04-29 2026Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing MalwareSecretsSupply ChainLibrary for detecting the "Mini Shai Hulud" supply chain attack, which compromises SAP npm packages like `@cap-js/sqlite` and `@cap-js/postgres` using malicious preinstall scripts. The malware harvests developer and CI/CD secrets from GitHub, npm, and cloud providers (AWS, Azure, GCP) via multi-stage payloads, exfiltrating data through attacker-controlled GitHub repositories using the GraphQL API. It also attempts to poison GitHub repositories and steal browser credentials, with attribution to TeamPCP based on shared RSA keys and code similarities.
2026-04-28 2026GitHub RCE Vulnerability: CVE-2026-3854 BreakdownRCETool for analyzing CVE-2026-3854, a critical RCE vulnerability in GitHub's internal git infrastructure. This flaw, exploitable via a single git push from an authenticated user, allowed arbitrary command execution on GitHub.com's backend servers, potentially exposing millions of repositories. On GitHub Enterprise Server, it granted full server compromise. The analysis details the X-Stat header injection flaw and the exploitation chain involving `rails_env`, `custom_hooks_dir`, and `repo_pre_receive_hooks` fields to bypass sandboxing and achieve remote code execution.
2026-04-22 2026GitHub Actions Security Pt 1: Attacks & Defenses (Wiz)Supply ChainLibrary detailing GitHub Actions security, addressing common misconfigurations and outlining defensive strategies. It explains the threat model, covering risks like Pull Request pwnage and script injection, exemplified by attacks such as the Trivy supply chain compromise exploiting `pull_request_target` and `workflow_run` triggers. The entry emphasizes understanding the trust boundary between repository owners and external actors to prevent code execution with elevated permissions.
2026-04-16 2026SSRF Vulnerability on Major Gaming Company (Wiz Bug Bounty)SSRFWriteup detailing a real-world SSRF vulnerability discovered at a major gaming company. The challenge involves exploiting a content service that fetches resources from provided URLs to access internal cloud infrastructure and sensitive credentials. Attackers aim to trick the server into making unintended requests, thereby reaching hidden internal resources and extracting a flag.
2026-04-16 2026React2Shell Deep Dive: CVE-2025-55182 Exploit MechanicsRCELibrary detailing CVE-2025-55182, dubbed "React2Shell," a critical RCE vulnerability in React Server Components. This library breaks down the exploit mechanics, including improper input deserialization and gadget chains, and analyzes in-the-wild attacks observed by Wiz. These attacks range from opportunistic cryptomining and credential harvesting to sophisticated cloud backdoors leveraging Node.js for fileless persistence and Sliver implants for long-term access. The vulnerability has broader implications beyond Next.js, affecting frameworks like Waku and Vite with RSC plugins.
2026-04-11 2026npm Supply Chain Attack: debug, chalk, and BeyondSupply ChainLibrary for detecting and mitigating widespread npm supply chain attacks, specifically detailing the debug/chalk incident. This resource unpacks how malicious versions of popular packages, including debug and chalk, were distributed and bundled into frontend applications. The attack hijacks browser network and wallet APIs to silently rewrite cryptocurrency recipients and approvals, diverting transactions to attacker-controlled wallets. It highlights the rapid propagation through CI/CD pipelines and the scope beyond initial reports, emphasizing the need for ongoing vigilance and registry updates.
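The Axios, SAP (`@cap-js`), Miasma and debug/chalk entries above all describe the same consumer-side exposure: a malicious version or a new transitive dependency arriving through a routine install, often with a preinstall hook that runs before anyone looks at it. The check below is an added example written for this page (not code from Wiz or any of the linked writeups) that audits a package-lock.json offline for the controls the practical package security entry recommends: a known-bad version list, install scripts nobody reviewed, missing integrity hashes and tarballs resolved outside the registry. It assumes the lockfile v2/v3 layout (a `packages` map keyed by `node_modules/<name>` carrying `version`, `resolved`, `integrity` and `hasInstallScript`). The indicator list uses only versions named in the Axios entry (1.14.1, 0.30.4, and `plain-crypto-js` at any version); the sample lockfile, its placeholder integrity values, the `plain-crypto-js` version number, the `esbuild` baseline entry and the `mirror.internal` host are all constructed.

```python
"""Audit a package-lock.json (lockfile v2/v3) for supply-chain indicators.
Added example for this page; not code from Wiz or the linked writeups."""
import json
import sys
from dataclasses import dataclass

# Indicators taken only from the Axios entry on this page. None means every
# version of that package is an indicator (plain-crypto-js was the dependency
# the malicious axios releases pulled in).
KNOWN_BAD = {
    "axios": {"1.14.1", "0.30.4"},
    "plain-crypto-js": None,
}
# Packages whose install script you have reviewed (assumption: maintained from
# your own vetted baseline; esbuild is used here only as a stand-in).
INSTALL_SCRIPT_BASELINE = frozenset({"esbuild"})
REGISTRY_PREFIX = "https://registry.npmjs.org/"


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    reason: str


def _package_name(lock_path: str) -> str:
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (nested installs)."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock: dict, known_bad: dict = KNOWN_BAD,
                   baseline: frozenset = INSTALL_SCRIPT_BASELINE) -> list:
    """Return one Finding per control that a locked package fails."""
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfile v1 has no 'packages' map; regenerate with npm >= 7")
    findings = []
    for lock_path, meta in lock.get("packages", {}).items():
        if lock_path == "":              # "" is the root project itself
            continue
        name, version = _package_name(lock_path), meta.get("version", "?")
        # 1. The version the lockfile pins is a known-bad release.
        if name in known_bad and (known_bad[name] is None or version in known_bad[name]):
            findings.append(Finding(name, version, "known-bad package/version"))
        # 2. Install-time execution nobody reviewed (where the preinstall payloads run).
        if meta.get("hasInstallScript") and name not in baseline:
            findings.append(Finding(name, version, "install script not in baseline"))
        # 3. No integrity hash, so npm cannot verify the tarball it fetches.
        if not meta.get("integrity"):
            findings.append(Finding(name, version, "no integrity hash"))
        # 4. Tarball served from somewhere other than the public registry.
        resolved = meta.get("resolved", "")
        if resolved and not resolved.startswith(REGISTRY_PREFIX):
            findings.append(Finding(name, version, f"resolved outside registry: {resolved}"))
    return findings


# Constructed sample lockfile (not from any real project).
SAMPLE_LOCK = {
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"axios": "^1.14.0"}},
        "node_modules/axios": {"version": "1.14.1", "integrity": "sha512-PLACEHOLDER",
                               "resolved": REGISTRY_PREFIX + "axios/-/axios-1.14.1.tgz",
                               "dependencies": {"plain-crypto-js": "*"}},
        "node_modules/plain-crypto-js": {"version": "1.0.0", "hasInstallScript": True,
                                         "resolved": REGISTRY_PREFIX + "plain-crypto-js/-/plain-crypto-js-1.0.0.tgz"},
        "node_modules/esbuild": {"version": "0.21.5", "integrity": "sha512-PLACEHOLDER",
                                 "hasInstallScript": True,
                                 "resolved": REGISTRY_PREFIX + "esbuild/-/esbuild-0.21.5.tgz"},
        "node_modules/left-pad": {"version": "1.3.0",
                                  "resolved": "http://mirror.internal/left-pad-1.3.0.tgz"},
    },
}


def main(argv: list) -> int:
    if len(argv) > 1:
        with open(argv[1]) as fh:
            lock = json.load(fh)
    else:
        lock = SAMPLE_LOCK
    findings = audit_lockfile(lock)
    for f in findings:
        print(f"{f.package}@{f.version}: {f.reason}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it in CI against the committed lockfile before `npm ci`, and pair it with `ignore-scripts=true` in `.npmrc` so an unreviewed install hook cannot run even when the audit is skipped. The cooldown rule from the practical package security entry fits the same loop: fetch each package's registry metadata, read the publish timestamp for the locked version from its `time` map, and add a finding when the release is younger than your minimum age.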
2026-04-11 2026s1ngularity: Nx supply chain attack leaks secretsSupply ChainWriteup of the s1ngularity Nx supply chain attack, detailing how malicious Nx build system npm packages led to the exfiltration of sensitive developer assets like cryptocurrency wallets, GitHub tokens, and SSH keys. The attack leveraged AI CLI tools for reconnaissance and initially exfiltrated data to attacker-controlled GitHub repositories, which were later disabled by GitHub. A subsequent phase involved using leaked GitHub tokens to publicly expose over 5500 private repositories. The compromise was attributed to a flawed GitHub Actions workflow using `pull_request_target` with unsanitized pull request titles, granting arbitrary command execution and elevated permissions.
2026-04-11 2026tj-actions/changed-files supply chain attackSupply ChainLibrary update detailing a supply chain attack on the tj-actions/changed-files GitHub Action, leading to CVE-2025-30066. The compromise involved a malicious payload that leaked secrets from affected repositories into workflow logs, including AWS access keys, GitHub PATs, and private RSA keys. Mitigation steps include stopping usage of the affected action, rotating leaked secrets, pinning actions to commit hashes, and utilizing GitHub's allow-listing features. The attack vector likely involved compromising a GitHub personal access token.
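The GitHub Actions entries above (the two-part primer, the hardening guide, the prt-scan and s1ngularity analyses and this tj-actions writeup) keep returning to the same misconfigurations: a `pull_request_target` or `workflow_run` job that checks out the pull request head, attacker-controlled event fields such as the PR title interpolated straight into `run:` scripts, actions referenced by a mutable tag instead of a commit SHA, and token permissions left at the repository default. The linter below is an added example (not Wiz tooling and not code from any of those posts) that flags all four. It uses line-oriented matching rather than a YAML parser so it runs with the standard library only, which also means flow mappings or anchors can slip past it. Both workflows are constructed; the 40-hex value in the hardened one is a placeholder rather than a real `actions/checkout` commit, and `example-org/lint-action` is a made-up action name.

```python
"""Line-oriented linter for the GitHub Actions risks in the entries above. Added
example for this page, not Wiz tooling; it matches lines rather than parsing YAML,
so unusual layouts (flow mappings, anchors) can slip past it."""
import re
from dataclasses import dataclass

# Event fields GitHub documents as controlled by external contributors.
UNTRUSTED_CONTEXT = re.compile(
    r"github\.(?:head_ref|event\.(?:"
    r"pull_request\.(?:title|body|head\.(?:ref|label))"
    r"|issue\.(?:title|body)|comment\.body|review\.body|review_comment\.body"
    r"|discussion\.(?:title|body)|head_commit\.message|commits\[[^\]]*\]\.message"
    r"|head_commit\.author\.(?:name|email)))")
EXPRESSION = re.compile(r"\$\{\{(.*?)\}\}")
# Triggers that run with base-repository secrets on externally supplied input.
PRIVILEGED_TRIGGER = re.compile(r"(?m)^(?:on:.*|\s*-?\s*)\b(pull_request_target|workflow_run)\b")
PR_HEAD_REF = re.compile(r"^\s*ref:\s*\$\{\{[^}]*(?:pull_request\.head|head_ref|workflow_run\.head)")
USES = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
KEY = re.compile(r"^\s*(?:-\s+)?([\w-]+):\s*(.*)$")
FULL_SHA = re.compile(r"[0-9a-f]{40}")


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    detail: str


def _expressions_outside_env(text):
    """Yield (line_no, expr) for ${{ }} expressions not assigned under env:.
    An env: value lands in a variable the shell never re-parses; anywhere else
    (run:, with:, name:) it is pasted into the step before it executes."""
    env_col = None
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.lstrip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(stripped)
        if env_col is not None:
            if indent > env_col:
                continue                    # entry under env:, safe sink
            env_col = None
        m = KEY.match(line)
        if m and m.group(1) == "env" and not m.group(2):
            env_col = line.index("env:")
            continue
        for expr in EXPRESSION.findall(line):
            yield n, expr.strip()


def lint_workflow(text):
    findings, lines = [], text.splitlines()
    trigger = PRIVILEGED_TRIGGER.search(text)
    if trigger:                             # 1. privileged trigger + checkout of the PR head
        for n, line in enumerate(lines, 1):
            if PR_HEAD_REF.match(line):
                findings.append(Finding(n, "pr-pwnage", f"{trigger.group(1)} checks out {line.strip()}"))
    for n, expr in _expressions_outside_env(text):   # 2. script injection
        if UNTRUSTED_CONTEXT.search(expr):
            findings.append(Finding(n, "script-injection", expr))
    for n, line in enumerate(lines, 1):              # 3. mutable action references
        m = USES.match(line)
        if not m or m.group(1).startswith(("./", "docker://")):
            continue
        ref = m.group(1).rsplit("@", 1)[1] if "@" in m.group(1) else ""
        if not FULL_SHA.fullmatch(ref):
            findings.append(Finding(n, "unpinned-action", m.group(1)))
    if not re.search(r"(?m)^\s*permissions:", text):   # 4. token scope left at repo default
        findings.append(Finding(0, "no-permissions", "GITHUB_TOKEN gets the repository default"))
    return findings


# Constructed workflows: example-org/lint-action is a made-up action and the
# 40-hex pin is a placeholder, not a real actions/checkout commit.
VULNERABLE_WORKFLOW = """\
on:
  pull_request_target:
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "Checking ${{ github.event.pull_request.title }}"
      - uses: example-org/lint-action@v2
"""
HARDENED_WORKFLOW = """\
on:
  pull_request:
permissions:
  contents: read
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Checking $PR_TITLE"
"""
```

The hardened workflow shows the shape the entries recommend: `pull_request` instead of `pull_request_target` when the job must run PR code, a `permissions:` block that grants only `contents: read`, a checkout pinned to a full commit SHA, and untrusted event data passed through `env:` so the shell receives it as a variable rather than as script text. Calling `lint_workflow(VULNERABLE_WORKFLOW)` reports five findings (one per rule, two unpinned actions); the hardened one reports none.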
2026-04-11 2026Shai-Hulud 2.0: 25K+ Repos ExposedSupply ChainShai-Hulud 2.0: 25K+ Repos Exposed
2026-04-11 · 2026 · What is Open Policy Agent (OPA)? · AuthZ · Library for managing cloud-native policies. Open Policy Agent (OPA) offers a unified, context-aware approach by decoupling policy enforcement from application code. It uses the Rego policy language for expressive, declarative rules, enabling security and compliance through policy-as-code, consistency across Kubernetes, microservices, and CI/CD pipelines, and efficient updates via a centralized policy library.
2026-04-11 · 2026 · Kubernetes RBAC Best Practices · AuthZ · Reference detailing Kubernetes RBAC best practices, emphasizing the importance of the principle of least privilege (PoLP) and regular permission reviews. It highlights the risks of misconfigured RBAC, citing the "RBAC Buster" attack, and recommends tools like Open Policy Agent (OPA) for automating policies and Wiz for auditing. The entry also covers using namespaces for scope limitation, auditing RBAC events, securing sensitive operations, and integrating with external identity providers.
2026-04-11 · 2026 · CVE-2025-47275: Auth0-PHP SDK Critical · AuthN · Library for detecting authentication bypass vulnerabilities within the Auth0-PHP SDK, specifically addressing CVE-2025-47275. This critical flaw allows attackers to circumvent authentication mechanisms.
2026-04-10 · 2026 · OWASP API Security Top 10 Risks · API Sec · Reference detailing the OWASP API Security Top 10 Risks, updated in 2023 to reflect evolving threats. These include Broken Object Level Authorization (BOLA), Broken Authentication, Broken Object Property Level Authorization (BOPLA), Unrestricted Resource Consumption, Broken Function Level Authorization (BFLA), Unrestricted Access to Sensitive Business Flows, Server-Side Request Forgery (SSRF), and Security Misconfiguration. The document offers mitigation strategies for these vulnerabilities, citing examples like the Uber and Trello breaches.
2026-04-10 · 2026 · 9 Top OSINT Tools & How to Evaluate Them · OSINT · Library for OSINT that streamlines threat intelligence gathering by processing publicly available information from various sources. It aids in identifying exposed assets, leaked credentials, and risky domains, offering features like multilingual analysis, dark web monitoring via DarkSearch.io, and metadata extraction from documents with FOCA. Tools like BuiltWith help map attack surfaces, while Intelligence X and Babel X focus on discovering sensitive data and threat actor activity across deep and dark web platforms.
2026-04-10 · 2026 · GraphQL API Security Risks Every Developer Should Know · GraphQL · Library for GraphQL API security, focusing on mitigating risks like excessive query complexity, data over-exposure, injection attacks (SQL, command, prompt), Insecure Direct Object Reference (IDOR), denial-of-service (DoS) via query amplification and complexity bombs, schema introspection misuse, and Cross-Site Request Forgery (CSRF) on mutation operations. It recommends best practices such as field-level authorization, query whitelisting, depth limits, and query cost analysis to protect against these vulnerabilities.
2026-04-10 · 2026 · Critical Redis RCE Vulnerability: CVE-2025-49844 · RCE · Writeup on CVE-2025-49844, dubbed #RediShell, detailing a critical Use-After-Free (UAF) vulnerability in Redis. This flaw allows authenticated attackers to execute arbitrary native code on the Redis host by escaping the Lua sandbox with a crafted Lua script. Given Redis's prevalence in cloud environments, this vulnerability poses a significant risk, potentially leading to data exfiltration, lateral movement, and system compromise. The writeup also highlights affected forks like Valkey and managed services such as Amazon ElastiCache, Google Cloud Memorystore, and Azure Cache for Redis.
2026-04-10 · 2026 · Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild · RCE · Writeup detailing the exploitation of Ivanti EPMM via CVE-2025-4427 and CVE-2025-4428, a chain enabling unauthenticated RCE. The attack bypasses authentication via misconfigured Spring Security and leverages Java Expression Language injection for code execution. Observed in-the-wild activity includes Sliver beacon C2 communication, MySQL database dumping, deployment of JSP web shells, and direct reverse shells. Affected versions include 11.12.0.4 and prior, 12.3.0.1 and prior, 12.4.0.1 and prior, and 12.5.0.0 and prior.
2026-04-10 · 2026 · Gogs Zero-Day RCE (CVE-2025-8110) Actively Exploited · RCE · Writeup detailing CVE-2025-8110, an actively exploited RCE in Gogs, a self-hosted Git service. This vulnerability is a symlink bypass of a previous RCE (CVE-2024-55947), allowing authenticated users to overwrite files outside the repository via the PutContents API. The exploit chain involves committing a symlink and then using the API to overwrite sensitive files like `.git/config`. Wiz Research discovered this zero-day during an investigation, finding over 700 compromised public-facing instances. A fix is available in Gogs version v0.13.4.
2026-04-06 · 2026 · Secure Code Scanning: Basics & Best Practices · Secrets · Library for secure code scanning, a practice vital for identifying and resolving security flaws, code smells, and data privacy risks across first-party code, third-party libraries, and container images. It leverages techniques like flow-based analysis and pattern matching to detect vulnerabilities such as SQL injection and RCE, citing real-world examples like the MOVEit Transfer and Ollama (CVE-2024-37032) incidents. The library aids in preventing costly data breaches by integrating security into the SDLC and offers Software Composition Analysis (SCA) to manage dependencies and licenses.
2026-04-03 · 2026 · API management: Fundamentals for cloud security teams · API Sec · Library for API management, a crucial component of cloud security, offering standardized authentication and policy enforcement via edge gateways. It enhances API security by combining agentless cloud scanning with API discovery, mapping APIs to cloud resources and data sensitivity. This approach reduces incident response times, minimizes audit findings, and enables zero trust architectures by addressing vulnerabilities like broken object-level authorization, broken authentication, and shadow APIs. Key capabilities include gateway traffic management, centralized authentication/authorization, and comprehensive monitoring and observability.
2026-04-03 · 2026 · Axios NPM Distribution Compromised in Supply Chain Attack · Supply Chain · Analysis of the Axios npm supply chain attack, detailing how a compromised maintainer account led to malicious versions (v1.14.1, v0.30.4) being published, introducing a dependency on the trojanized `plain-crypto-js` package. This compromise, tracked as GHSA-fw8c-xr5c-95f9 and MAL-2026-2306, involved a dropper executing platform-specific RATs from `sfrclak.com:8000`. Security teams should audit axios usage, rotate exposed credentials, investigate compromise paths, and monitor for suspicious activity.
2026-03-01 · 2026 · Server-Side Request Forgery: What It Is & How To Fix It | Wiz · SSRF · Library detailing Server-Side Request Forgery (SSRF) vulnerabilities, explaining how attackers trick servers into making requests to internal resources like cloud metadata services and sensitive systems. It highlights SSRF's inclusion in the OWASP Top 10 and CWE Top 25, with examples like the Capital One breach. The library emphasizes prevention through strict input validation, egress controls, API security best practices, and continuous API inventory management, referencing tools like SSRFire and ZAP for detection.
2026-01-22 · 2026 · Bug Bounty Masterclass | Wiz · Bug Bounty · Masterclass on bug bounty hunting methodology, drawing from actual successful submissions. It showcases high-value findings like airline data dumps, domain registrar exposure, and admin panel compromises, alongside vulnerabilities such as SSRF and authentication bypasses on major companies. The program aims to guide beginners through a consistent learning path to achieving significant payouts.
2026-01-01 · 2026 · CVE-2025-23469 Impact Exploitability and Mitigation Steps · XSS · The entry discusses the CVE-2025-23469 vulnerability, focusing on its impact, exploitability, and mitigation steps. It provides insights into the potential consequences of the vulnerability, the likelihood of it being exploited, and steps that can be taken to mitigate the associated risks. The link provided directs to further details on the vulnerability in the Wiz vulnerability database.
2025-11-10 · 2025 · CVE-2025-31029 Impact Exploitability and Mitigation Steps · XSS · Writeup detailing CVE-2025-31029, with an impact, exploitability, and mitigation analysis. This community-led vulnerability database entry provides insights into a critical cloud security issue, enabling users to evaluate their practices across nine security domains and identify defensive gaps.
2025-11-10 · 2025 · CVE-2024-13992 Impact Exploitability and Mitigation Steps · XSS · Writeup of CVE-2024-13992, detailing its impact, exploitability, and mitigation steps. This analysis focuses on a cloud vulnerability, offering insights relevant to assessing and strengthening cloud security practices.
2025-11-10 · 2025 · CVE-2013-10074 Impact Exploitability and Mitigation Steps · XSS · Reference for CVE-2013-10074, detailing its impact, exploitability, and mitigation steps. This vulnerability, documented within the Wiz Cloud Vulnerability Database, highlights potential gaps in cloud security practices. The database aims to provide a community-led resource for understanding and addressing cloud-based threats, offering insights beyond basic security domain assessments.
2025-11-10 · 2025 · CVE-2024-13993 Impact Exploitability and Mitigation Steps · XSS · Library for identifying and mitigating CVE-2024-13993, a cloud vulnerability. This resource offers detailed analysis, exploitability insights, and practical mitigation steps to safeguard cloud environments against this specific threat. It enables users to assess their security practices and identify defensive gaps.
2025-11-10 · 2025 · CVE-2018-25119 Impact Exploitability and Mitigation Steps · XSS · Analysis of CVE-2018-25119, detailing its impact, exploitability, and mitigation steps for cloud security. The Wiz vulnerability database offers free assessments to evaluate cloud security practices across nine domains, identifying defense gaps and benchmarking risk levels, aiming to provide full visibility into cloud workloads.
2025-11-10 · 2025 · CVE-2021-47689 Impact Exploitability and Mitigation Steps · XSS · Library for understanding CVE-2021-47689, detailing its impact, exploitability, and mitigation steps. This resource focuses on this specific cloud vulnerability, offering insights into how it can be leveraged and how to defend against it. It aims to empower users with the knowledge to assess and address security gaps within their cloud environments.
2025-11-10 · 2025 · CVE-2025-62076 Impact Exploitability and Mitigation Steps · XSS · Library for researching CVE-2025-62076, detailing its impact, exploitability, and mitigation steps. The entry offers a free vulnerability assessment across nine security domains to benchmark cloud security practices and identify defense gaps. Wiz.io provides this community-led database entry, highlighting its utility for understanding and addressing cloud security vulnerabilities.
2025-11-10 · 2025 · CVE-2025-62030 Impact Exploitability and Mitigation Steps · XSS · Reference detailing CVE-2025-62030, outlining its impact and exploitability. This entry provides mitigation steps and is part of a community-led vulnerabilities database, offering a free assessment across nine security domains to benchmark risk and identify defense gaps.
2025-11-10 · 2025 · CVE-2025-59556 Impact Exploitability and Mitigation Steps · XSS · Analysis of CVE-2025-59556, detailing its impact and exploitability within cloud environments. This entry also provides actionable mitigation steps to secure against this specific vulnerability, allowing organizations to assess and improve their cloud security practices across multiple domains and identify potential defense gaps.
2025-11-10 · 2025 · CVE-2025-62036 Impact Exploitability and Mitigation Steps · XSS · Library for discovering and mitigating CVE-2025-62036 in cloud environments. This resource details the impact and exploitability of the vulnerability, offering practical mitigation steps to secure cloud workloads. It emphasizes achieving full visibility and identifying critical security gaps within cloud infrastructure.
2025-11-06 · 2025 · CVE-2025-31366 Impact Exploitability and Mitigation Steps · XSS · Library for evaluating cloud security practices that details CVE-2025-31366. It assesses risk levels across nine security domains, identifies defense gaps, and offers a free vulnerability assessment. The database aims to provide full visibility into cloud workloads and validate critical findings.
2025-09-26 · 2025 · IMDS Abused: Hunting Rare Behaviors to Uncover Exploits · SSRF · Library for detecting and mitigating abuse of cloud Instance Metadata Services (IMDS). It details how threat actors exploit IMDS for credential theft and lateral movement, focusing on techniques like Server-Side Request Forgery (SSRF) against IMDSv1 and misconfigured workloads. The library highlights a data-driven approach to anomaly hunting: identifying rare IMDS access patterns, filtering by sensitive metadata paths, and contextualizing compute environments. This methodology led to the discovery of CVE-2025-51591, a zero-day SSRF vulnerability in pandoc, exploited to access sensitive IAM credentials.
2025-09-15 · 2025 · Server-Side Request Forgery: What It Is & How To Fix It · SSRF · Library for detecting and preventing Server-Side Request Forgery (SSRF), a critical vulnerability where attackers trick servers into accessing internal resources. It covers how SSRF exploits cloud metadata services, internal APIs, and sensitive systems, and recommends strict input validation, egress controls, and API security best practices, referencing techniques seen in the Capital One breach and tools like SSRFire and ZAP.