Wiz io
@wizsecurity.bsky.social
Secure everything you build and run in the cloud
🚨 We found a critical vulnerability in the popular Vibe Coding Platform Base44: No password. No invite. Full access.
🤖 65% of Forbes AI 50 companies leaked secrets on GitHub. Shay from our research team revealed how AI speed without security = leaks waiting to happen.
Full Wiz Research report 👉 www.wiz.io/blog/forbes-...
65% of Startups from Forbes AI 50 Leaked Secrets on GitHub | Wiz Blog
A Wiz investigation into the Forbes AI 50 reveals 65% of leading AI startups had leaked secrets. See real examples, leak types, and how to prevent this.
www.wiz.io
November 10, 2025 at 2:57 PM
New CTF challenge ($20,000 IN PRIZES) 💥

We're running "Operation Cloudfall" - a live CTF during BlackHat & zeroday.cloud on December 10-11.

Get your free pass to the event today: zeroday.cloud/operation-cloudfall
See you in London 🇬🇧
November 6, 2025 at 5:55 PM
🕹️ Meet Path-Man: Your new favorite game. 👾👾👾

Our 1-minute Wiz ASM game has arrived!

🤔 Here's the challenge: Navigate the attack surface to reach exploitable risk before the attackers get you.

Think you've got the skills? wiz.io/path-man
Path-Man | Wiz
Find exploitable exposures before hackers do
wiz.io
November 5, 2025 at 1:15 PM
🎃 Something spooky's brewing in the cloud...

Introducing a new CTF challenge - "Game of Pods" 🕸️

💀 Written by top Azure researcher & worth 30 points, it's our BIGGEST challenge yet!

Get your skills ready for zeroday.cloud: cloudsecuritychampionship.com
October 27, 2025 at 1:41 PM
Need a partner to finish that exploit chain for ZERODAY.CLOUD?

We just launched our Research Collaboration Center at zeroday.cloud/collab to connect researchers, combine skills, and meet the deadline. 🤝

The clock is ticking... ⏱️
October 23, 2025 at 4:00 PM
Our biggest reminder yet. ZERODAY.CLOUD.

A first-of-its-kind, open-source cloud hacking competition.

Find vulnerabilities in the critical open-source software that powers the cloud, and compete for your share of a $4.5M prize pool.

➡️ www.zeroday.cloud
October 16, 2025 at 5:24 PM
🎁 We're giving away 2,000 SHIFT LEFT keyboards ↓

Want one on your desk?
Fill out the form >> redeem.reachdesk.com/lp/wiz/shift...

That's it! The keyboard is on its way 📦

Why are we doing this? 👀
A secret game is coming… and the whole world is invited.
October 16, 2025 at 4:50 PM
🚨 Wiz Research uncovered 100+ leaked VSCode publisher tokens that could let attackers push malicious updates to 185K+ installs. We partnered with Microsoft to secure tokens and protect the ecosystem.
Supply Chain Risk in VSCode Extension Marketplaces | Wiz Blog
Wiz Research uncovered 500+ leaked secrets in VSCode and Open VSX extensions, exposing 150K installs to risk. Learn what happened and how it was fixed.
www.wiz.io
October 15, 2025 at 2:34 PM
🤖 We're witnessing something unprecedented with AI agents:
Malware that literally prompts ChatGPT, Claude, and other LLMs to write its own attack code. Live. On victim machines.
Emerging Threat: AI-Powered Malware Attacks | Wiz Blog
From LameHug to s1ngularity, attackers are invoking AI directly in malware payloads.
www.wiz.io
October 9, 2025 at 2:32 PM
Introducing ZERODAY.CLOUD🕵️‍♀️
Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝

WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆

Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud
September 30, 2025 at 5:39 PM
@fortune.com JUST DROPPED A FEATURE ON Wiz 🔥

If you've been following the Wiz story, this one's for you.

HUGE shoutout to everyone who made this story worth telling. You helped build something Fortune couldn't ignore 💙

fortune.com/article/wiz-...
September 30, 2025 at 2:58 PM
🚨 #Shai-Hulud: Major npm supply chain attack.

100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm.

Guidance + detections inside

www.wiz.io/blog/shai-hu...
September 16, 2025 at 2:20 PM
🚨 Major npm hijack: Attackers took over Qix's account (chalk, debug & more). Malicious versions briefly hit npm, injecting browser code to hijack crypto transactions.
DuckDB ecosystem is also affected.
September 9, 2025 at 12:26 PM
Meet WizOS 💥 Public Preview! Secure, minimal container images with near-zero CVEs. Less patching, more speed, swap images right in your CI/CD & IDEs.
www.wiz.io/blog/wizos-t...
WizOS Is Here: Container Security from the Image Up | Wiz Blog
WizOS is now in public preview: minimal, secured container images built by Wiz with near-zero CVEs. Join now to access the Secured Image Catalog.
www.wiz.io
September 9, 2025 at 11:07 AM
🚨 One leaked #AWS key fueled a global phishing campaign. Wiz traced the attack, stopped it with Defend alerts, and added protections so one key never opens every door.

Full story 👉 www.wiz.io/blog/wiz-dis...
Wiz Uncovers SES Abuse Campaign Using Stolen AWS Access Keys | Wiz Blog
From leaked AWS access keys to large-scale spam: Wiz Research uncovered a live Amazon SES abuse campaign, turning insights into early-warning detections.
www.wiz.io
September 8, 2025 at 12:13 PM
🚨 Your Cloud DFIR Desk Mat is here!
A first-ever poster mapping MITRE ATT&CK to key AWS, Azure & GCP log sources and API events.

📥 Get your copy: threats.wiz.io/cloud-dfir-p...
September 2, 2025 at 1:45 PM
🚨 New CTF: Azure APT 🏆

Step into the shoes of an attacker targeting Azure. Use a malicious OAuth app, bypass restrictions, and capture the flag.

Can you solve all 12 CTFs and WIN our belt?

Test your skills with this month's CTF by Lior Sonntag 👉 www.cloudsecuritychampionship.com/challenge/3
August 28, 2025 at 1:03 PM
🚨 #s1ngularity: a supply chain attack hiding in the Nx npm package

Malicious versions stole #GitHub tokens, SSH keys, wallets, and secrets, even hijacking AI CLI tools to help exfiltrate data.
s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know | Wiz Blog
Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently.
www.wiz.io
August 27, 2025 at 12:11 PM
🚨 New keys just dropped… and they're already leaking.

#AWS introduced Bedrock API keys, both long-term and short-term. On the surface, they look like just another way to authenticate.
But here's the twist ⬇️
August 21, 2025 at 12:52 PM
🤖 AI agents are everywhere now.

So we put together a practical security guide that actually maps out what's happening in the wild. 👇

No fluff. Just the stuff security teams need to know.

Save this cheat sheet 💾
August 19, 2025 at 12:08 PM
Introducing Wizmojis.com >> Our cloud security emojis for your Slack & WhatsApp that finally get YOU.

💬 Some favorites:
* blame-the-intern
* cve-part
* phishing-season

⬇️ Comment below — What emoji do you need on Slack?
The best ideas might just make it into the next pack of Wizmojis.
August 14, 2025 at 12:45 PM
You're officially invited to the BIGGEST WIZ EVENT of the year... WIZDOM!

We're going all in: Wizdom is your exclusive, in-person pass to the people & ideas shaping the future of cloud security ⬇︎

📍 New York City, Nov 3-5
📍 London, Nov 17-19

Your calendar won't block itself.
www.wiz.io/wizdom
Wizdom: Our first-ever user conference | Wiz
An exclusive gathering of cloud security leaders, innovators, and practitioners.
www.wiz.io
August 13, 2025 at 12:52 PM
Introducing... 🥁 Say hello to Wiz for Exposure Management! 🥳
Wiz for Exposure Management is a NEW way to unify, prioritize, and fix exposures everywhere they live: in your cloud, code, and on-prem infrastructure.

Learn more: www.wiz.io/blog/wiz-for...
Introducing Wiz for Exposure Management | Wiz Blog
Wiz now supports exposure management across cloud, code, and on-prem – combining scanner data into one view to help teams prioritize and fix real risk.
www.wiz.io
August 6, 2025 at 12:41 PM
🚨 Wiz Research found a vulnerability chain in NVIDIA's open-source Triton Inference Server

What started as a small error message turned into something big:
A path to full remote code execution, no creds, no user interaction.
August 4, 2025 at 12:57 PM