Wiz io
@wizsecurity.bsky.social
Secure everything you build and run in the cloud
New CTF challenge ($20,000 IN PRIZES) 💥
We're running "Operation Cloudfall" - a live CTF during BlackHat & zeroday.cloud on December 10-11.
Get your free pass to the event today: zeroday.cloud/operation-cloudfall
See you in London 🇬🇧
We're running "Operation Cloudfall" - a live CTF during BlackHat & zeroday.cloud on December 10-11.
Get your free pass to the event today: zeroday.cloud/operation-cloudfall
See you in London 🇬🇧
November 6, 2025 at 5:55 PM
New CTF challenge ($20,000 IN PRIZES) 💥
We're running "Operation Cloudfall" - a live CTF during BlackHat & zeroday.cloud on December 10-11.
Get your free pass to the event today: zeroday.cloud/operation-cloudfall
See you in London 🇬🇧
We're running "Operation Cloudfall" - a live CTF during BlackHat & zeroday.cloud on December 10-11.
Get your free pass to the event today: zeroday.cloud/operation-cloudfall
See you in London 🇬🇧
🎃 Something spooky's brewing in the cloud...
Introducing a new CTF challenge - "Game of Pods" 🕸️
💀 Written by top Azure researcher & worth 30 points, it's our BIGGEST challenge yet!
Get your skills ready for zeroday.cloud: cloudsecuritychampionship.com
Introducing a new CTF challenge - "Game of Pods" 🕸️
💀 Written by top Azure researcher & worth 30 points, it's our BIGGEST challenge yet!
Get your skills ready for zeroday.cloud: cloudsecuritychampionship.com
October 27, 2025 at 1:41 PM
🎃 Something spooky's brewing in the cloud...
Introducing a new CTF challenge - "Game of Pods" 🕸️
💀 Written by top Azure researcher & worth 30 points, it's our BIGGEST challenge yet!
Get your skills ready for zeroday.cloud: cloudsecuritychampionship.com
Introducing a new CTF challenge - "Game of Pods" 🕸️
💀 Written by top Azure researcher & worth 30 points, it's our BIGGEST challenge yet!
Get your skills ready for zeroday.cloud: cloudsecuritychampionship.com
Need a partner to finish that exploit chain for ZERODAY.CLOUD?
We just launched our Research Collaboration Center at zeroday.cloud/collab to connect researchers, combine skills, and meet the deadline. 🤝
The clock is ticking... ⏱️
We just launched our Research Collaboration Center at zeroday.cloud/collab to connect researchers, combine skills, and meet the deadline. 🤝
The clock is ticking... ⏱️
October 23, 2025 at 4:00 PM
Need a partner to finish that exploit chain for ZERODAY.CLOUD?
We just launched our Research Collaboration Center at zeroday.cloud/collab to connect researchers, combine skills, and meet the deadline. 🤝
The clock is ticking... ⏱️
We just launched our Research Collaboration Center at zeroday.cloud/collab to connect researchers, combine skills, and meet the deadline. 🤝
The clock is ticking... ⏱️
Our biggest reminder yet. ZERODAY.CLOUD.
A first-of-its-kind, open-source cloud hacking competition.
Find vulnerabilities in the critical open-source software that powers the cloud, and compete for your share of a $4.5M prize pool.
➡️ www.zeroday.cloud
A first-of-its-kind, open-source cloud hacking competition.
Find vulnerabilities in the critical open-source software that powers the cloud, and compete for your share of a $4.5M prize pool.
➡️ www.zeroday.cloud
October 16, 2025 at 5:24 PM
Our biggest reminder yet. ZERODAY.CLOUD.
A first-of-its-kind, open-source cloud hacking competition.
Find vulnerabilities in the critical open-source software that powers the cloud, and compete for your share of a $4.5M prize pool.
➡️ www.zeroday.cloud
A first-of-its-kind, open-source cloud hacking competition.
Find vulnerabilities in the critical open-source software that powers the cloud, and compete for your share of a $4.5M prize pool.
➡️ www.zeroday.cloud
🎁 We're giving away 2,000 SHIFT LEFT keyboards ↓
Want one on your desk?
Fill out the form >> redeem.reachdesk.com/lp/wiz/shift...
That's it! The keyboard is on its way 📦
Why are we doing this? 👀
A secret game is coming… and the whole world is invited.
Want one on your desk?
Fill out the form >> redeem.reachdesk.com/lp/wiz/shift...
That's it! The keyboard is on its way 📦
Why are we doing this? 👀
A secret game is coming… and the whole world is invited.
October 16, 2025 at 4:50 PM
🎁 We're giving away 2,000 SHIFT LEFT keyboards ↓
Want one on your desk?
Fill out the form >> redeem.reachdesk.com/lp/wiz/shift...
That's it! The keyboard is on its way 📦
Why are we doing this? 👀
A secret game is coming… and the whole world is invited.
Want one on your desk?
Fill out the form >> redeem.reachdesk.com/lp/wiz/shift...
That's it! The keyboard is on its way 📦
Why are we doing this? 👀
A secret game is coming… and the whole world is invited.
Introducing ZERODAY.CLOUD🕵️♀️
Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝
WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆
Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud
Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝
WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆
Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud
September 30, 2025 at 5:39 PM
Introducing ZERODAY.CLOUD🕵️♀️
Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝
WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆
Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud
Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝
WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆
Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud
@fortune.com JUST DROPPED A FEATURE ON Wiz 🔥
If you've been following the Wiz story, this one's for you.
HUGE shoutout to everyone who made this story worth telling. You helped build something Fortune couldn't ignore 💙
fortune.com/article/wiz-...
If you've been following the Wiz story, this one's for you.
HUGE shoutout to everyone who made this story worth telling. You helped build something Fortune couldn't ignore 💙
fortune.com/article/wiz-...
September 30, 2025 at 2:58 PM
@fortune.com JUST DROPPED A FEATURE ON Wiz 🔥
If you've been following the Wiz story, this one's for you.
HUGE shoutout to everyone who made this story worth telling. You helped build something Fortune couldn't ignore 💙
fortune.com/article/wiz-...
If you've been following the Wiz story, this one's for you.
HUGE shoutout to everyone who made this story worth telling. You helped build something Fortune couldn't ignore 💙
fortune.com/article/wiz-...
🚨 #Shai-Hulud: Major npm supply chain attack.
100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm.
Guidance + detections inside
www.wiz.io/blog/shai-hu...
100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm.
Guidance + detections inside
www.wiz.io/blog/shai-hu...
September 16, 2025 at 2:20 PM
🚨 #Shai-Hulud: Major npm supply chain attack.
100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm.
Guidance + detections inside
www.wiz.io/blog/shai-hu...
100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm.
Guidance + detections inside
www.wiz.io/blog/shai-hu...
🚨 Major npm hijack: Attackers took over Qix's account (chalk, debug & more). Malicious versions briefly hit npm, injecting browser code to hijack crypto transactions.
DuckDB ecosystem is also affected.
DuckDB ecosystem is also affected.
September 9, 2025 at 12:26 PM
🚨 Major npm hijack: Attackers took over Qix's account (chalk, debug & more). Malicious versions briefly hit npm, injecting browser code to hijack crypto transactions.
DuckDB ecosystem is also affected.
DuckDB ecosystem is also affected.
🚨 Your Cloud DFIR Desk Mat is here!
A first-ever poster mapping MITRE ATT&CK to key AWS, Azure & GCP log sources and API events.
📥 Get your copy: threats.wiz.io/cloud-dfir-p...
A first-ever poster mapping MITRE ATT&CK to key AWS, Azure & GCP log sources and API events.
📥 Get your copy: threats.wiz.io/cloud-dfir-p...
September 2, 2025 at 1:45 PM
🚨 Your Cloud DFIR Desk Mat is here!
A first-ever poster mapping MITRE ATT&CK to key AWS, Azure & GCP log sources and API events.
📥 Get your copy: threats.wiz.io/cloud-dfir-p...
A first-ever poster mapping MITRE ATT&CK to key AWS, Azure & GCP log sources and API events.
📥 Get your copy: threats.wiz.io/cloud-dfir-p...
🚨 New CTF: Azure APT 🏆
Step into the shoes of an attacker targeting Azure. Use a malicious OAuth app, bypass restrictions, and capture the flag.
Can you solve all 12 CTF's and WIN our belt?
Test your skills with this month's CTF by Lior Sonntag 👉 www.cloudsecuritychampionship.com/challenge/3
Step into the shoes of an attacker targeting Azure. Use a malicious OAuth app, bypass restrictions, and capture the flag.
Can you solve all 12 CTF's and WIN our belt?
Test your skills with this month's CTF by Lior Sonntag 👉 www.cloudsecuritychampionship.com/challenge/3
August 28, 2025 at 1:03 PM
🚨 New CTF: Azure APT 🏆
Step into the shoes of an attacker targeting Azure. Use a malicious OAuth app, bypass restrictions, and capture the flag.
Can you solve all 12 CTF's and WIN our belt?
Test your skills with this month's CTF by Lior Sonntag 👉 www.cloudsecuritychampionship.com/challenge/3
Step into the shoes of an attacker targeting Azure. Use a malicious OAuth app, bypass restrictions, and capture the flag.
Can you solve all 12 CTF's and WIN our belt?
Test your skills with this month's CTF by Lior Sonntag 👉 www.cloudsecuritychampionship.com/challenge/3
🚨 New keys just dropped… and they're already leaking.
#AWS introduced Bedrock API keys, both long-term and short-term. On the surface, they look like just another way to authenticate.
But here's the twist ⬇️
#AWS introduced Bedrock API keys, both long-term and short-term. On the surface, they look like just another way to authenticate.
But here's the twist ⬇️
August 21, 2025 at 12:52 PM
🚨 New keys just dropped… and they're already leaking.
#AWS introduced Bedrock API keys, both long-term and short-term. On the surface, they look like just another way to authenticate.
But here's the twist ⬇️
#AWS introduced Bedrock API keys, both long-term and short-term. On the surface, they look like just another way to authenticate.
But here's the twist ⬇️
🤖 AI agents are everywhere now.
So we put together a practical security guide that actually maps out what's happening in the wild. 👇
No fluff. Just the stuff security teams need to know.
Save this cheat sheet 💾
So we put together a practical security guide that actually maps out what's happening in the wild. 👇
No fluff. Just the stuff security teams need to know.
Save this cheat sheet 💾
August 19, 2025 at 12:08 PM
🤖 AI agents are everywhere now.
So we put together a practical security guide that actually maps out what's happening in the wild. 👇
No fluff. Just the stuff security teams need to know.
Save this cheat sheet 💾
So we put together a practical security guide that actually maps out what's happening in the wild. 👇
No fluff. Just the stuff security teams need to know.
Save this cheat sheet 💾
🤖 AI agents are everywhere now.
So we put together a practical security guide that actually maps out what's happening in the wild. 👇
No fluff. Just the stuff security teams need to know.
Save this cheat sheet 💾
So we put together a practical security guide that actually maps out what's happening in the wild. 👇
No fluff. Just the stuff security teams need to know.
Save this cheat sheet 💾
August 19, 2025 at 12:04 PM
🤖 AI agents are everywhere now.
So we put together a practical security guide that actually maps out what's happening in the wild. 👇
No fluff. Just the stuff security teams need to know.
Save this cheat sheet 💾
So we put together a practical security guide that actually maps out what's happening in the wild. 👇
No fluff. Just the stuff security teams need to know.
Save this cheat sheet 💾
Introducing Wizmojis.com >> Our cloud security emojis for your Slack & WhatsApp that finally get YOU.
💬 Some favorites:
* blame-the-intern
* cve-part
* phishing-season
⬇️ Comment below — What emoji do you need on Slack?
The best ideas might just make it into the next pack of Wizmojis.
💬 Some favorites:
* blame-the-intern
* cve-part
* phishing-season
⬇️ Comment below — What emoji do you need on Slack?
The best ideas might just make it into the next pack of Wizmojis.
August 14, 2025 at 12:45 PM
Introducing Wizmojis.com >> Our cloud security emojis for your Slack & WhatsApp that finally get YOU.
💬 Some favorites:
* blame-the-intern
* cve-part
* phishing-season
⬇️ Comment below — What emoji do you need on Slack?
The best ideas might just make it into the next pack of Wizmojis.
💬 Some favorites:
* blame-the-intern
* cve-part
* phishing-season
⬇️ Comment below — What emoji do you need on Slack?
The best ideas might just make it into the next pack of Wizmojis.
🚨 Wiz Research found a vulnerability chain in NVIDIA's open-source Triton Inference Server
What started as a small error message turned into something big:
A path to full remote code execution, no creds, no user interaction.
What started as a small error message turned into something big:
A path to full remote code execution, no creds, no user interaction.
August 4, 2025 at 12:57 PM
🚨 Wiz Research found a vulnerability chain in NVIDIA's open-source Triton Inference Server
What started as a small error message turned into something big:
A path to full remote code execution, no creds, no user interaction.
What started as a small error message turned into something big:
A path to full remote code execution, no creds, no user interaction.
🏆 Can you escape a container & become THE ULTIMATE CLOUD SECURITY CHAMPION?
This month's scenario was crafted by Sagi Tzadik to explore container escape techniques, the same kinds of risks we'll be diving into at #BlackHat next week!
Challenge #2 👉
cloudsecuritychampionship.com/challenge/2
This month's scenario was crafted by Sagi Tzadik to explore container escape techniques, the same kinds of risks we'll be diving into at #BlackHat next week!
Challenge #2 👉
cloudsecuritychampionship.com/challenge/2
July 31, 2025 at 12:57 PM
🏆 Can you escape a container & become THE ULTIMATE CLOUD SECURITY CHAMPION?
This month's scenario was crafted by Sagi Tzadik to explore container escape techniques, the same kinds of risks we'll be diving into at #BlackHat next week!
Challenge #2 👉
cloudsecuritychampionship.com/challenge/2
This month's scenario was crafted by Sagi Tzadik to explore container escape techniques, the same kinds of risks we'll be diving into at #BlackHat next week!
Challenge #2 👉
cloudsecuritychampionship.com/challenge/2
Wiz Research just found a critical vulnerability in the popular vibe coding platform Base44, recently acquired by Wix, that could have allowed anyone to access private applications.
July 29, 2025 at 2:05 PM
Wiz Research just found a critical vulnerability in the popular vibe coding platform Base44, recently acquired by Wix, that could have allowed anyone to access private applications.
🚨 We found a critical vulnerability in the popular Vibe Coding Platform Base44: No password. No invite. Full access.
July 29, 2025 at 2:05 PM
🚨 We found a critical vulnerability in the popular Vibe Coding Platform Base44: No password. No invite. Full access.
🚨 TraderTraitor: North Korea's cyber "traitor" inside the crypto world.
This hacking crew hijacks dev workflows, poisons open-source, and compromises cloud environments — all to steal billions in crypto.
Here's how they do it 🧵
www.wiz.io/blog/north-k...
This hacking crew hijacks dev workflows, poisons open-source, and compromises cloud environments — all to steal billions in crypto.
Here's how they do it 🧵
www.wiz.io/blog/north-k...
July 28, 2025 at 2:14 PM
🚨 TraderTraitor: North Korea's cyber "traitor" inside the crypto world.
This hacking crew hijacks dev workflows, poisons open-source, and compromises cloud environments — all to steal billions in crypto.
Here's how they do it 🧵
www.wiz.io/blog/north-k...
This hacking crew hijacks dev workflows, poisons open-source, and compromises cloud environments — all to steal billions in crypto.
Here's how they do it 🧵
www.wiz.io/blog/north-k...
🚨 New research: A cryptomining campaign is hijacking exposed PostgreSQL, hiding payloads in fake 404 pages, and abusing legit infra. Multiplatform, stealthy, and still active 👉
www.wiz.io/blog/soco404...
www.wiz.io/blog/soco404...
July 23, 2025 at 1:48 PM
🚨 New research: A cryptomining campaign is hijacking exposed PostgreSQL, hiding payloads in fake 404 pages, and abusing legit infra. Multiplatform, stealthy, and still active 👉
www.wiz.io/blog/soco404...
www.wiz.io/blog/soco404...
🧱 With just three lines of code, attackers can escape containers and gain full root access to the host. That's your models, data, and GPU workloads — exposed.
NVIDIA rated it 9.0. We think it's a sign: AI infra needs stronger walls.
🛠️ Full technical breakdown
👉 www.wiz.io/blog/nvidia-...
NVIDIA rated it 9.0. We think it's a sign: AI infra needs stronger walls.
🛠️ Full technical breakdown
👉 www.wiz.io/blog/nvidia-...
July 17, 2025 at 2:52 PM
🧱 With just three lines of code, attackers can escape containers and gain full root access to the host. That's your models, data, and GPU workloads — exposed.
NVIDIA rated it 9.0. We think it's a sign: AI infra needs stronger walls.
🛠️ Full technical breakdown
👉 www.wiz.io/blog/nvidia-...
NVIDIA rated it 9.0. We think it's a sign: AI infra needs stronger walls.
🛠️ Full technical breakdown
👉 www.wiz.io/blog/nvidia-...
🚨 NEW RESEARCH: #NVIDIAscape AI vulnerability uncovered!
Wiz Research discovered a critical vulnerability (CVE-2025-23266) in the NVIDIA Container Toolkit, the glue connecting containers to GPUs across major cloud providers.
Wiz Research discovered a critical vulnerability (CVE-2025-23266) in the NVIDIA Container Toolkit, the glue connecting containers to GPUs across major cloud providers.
July 17, 2025 at 2:52 PM
🚨 NEW RESEARCH: #NVIDIAscape AI vulnerability uncovered!
Wiz Research discovered a critical vulnerability (CVE-2025-23266) in the NVIDIA Container Toolkit, the glue connecting containers to GPUs across major cloud providers.
Wiz Research discovered a critical vulnerability (CVE-2025-23266) in the NVIDIA Container Toolkit, the glue connecting containers to GPUs across major cloud providers.
WOOHOO! We are #1 in over 130 reports on #G2 this summer!☀️🍉
Huge G2 moment, and it's all thanks to you 💙
THANK YOU to our amazing Wizards and customers for your continued trust, feedback, and partnership. 🪄
www.wiz.io/lp/g2-grid-r...
Huge G2 moment, and it's all thanks to you 💙
THANK YOU to our amazing Wizards and customers for your continued trust, feedback, and partnership. 🪄
www.wiz.io/lp/g2-grid-r...
July 8, 2025 at 1:21 PM
WOOHOO! We are #1 in over 130 reports on #G2 this summer!☀️🍉
Huge G2 moment, and it's all thanks to you 💙
THANK YOU to our amazing Wizards and customers for your continued trust, feedback, and partnership. 🪄
www.wiz.io/lp/g2-grid-r...
Huge G2 moment, and it's all thanks to you 💙
THANK YOU to our amazing Wizards and customers for your continued trust, feedback, and partnership. 🪄
www.wiz.io/lp/g2-grid-r...
🚨 We scanned GitHub and found *hundreds* of valid secrets, 4 of the top 5 were AI-related:
HuggingFace, Azure OpenAI, Weights & Biases, and Groq.
Read more:
www.wiz.io/blog/leaking...
HuggingFace, Azure OpenAI, Weights & Biases, and Groq.
Read more:
www.wiz.io/blog/leaking...
June 18, 2025 at 1:09 PM
🚨 We scanned GitHub and found *hundreds* of valid secrets, 4 of the top 5 were AI-related:
HuggingFace, Azure OpenAI, Weights & Biases, and Groq.
Read more:
www.wiz.io/blog/leaking...
HuggingFace, Azure OpenAI, Weights & Biases, and Groq.
Read more:
www.wiz.io/blog/leaking...