Wiz io
@wizsecurity.bsky.social
Secure everything you build and run in the cloud
@scottpiper.bsky.social highlights an emerging trend of attackers incorporating AI into their payloads, providing recent examples, and discussing the implications of this trend.

Full analysis: www.wiz.io/blog/the-eme...
Emerging Threat: AI-Powered Malware Attacks | Wiz Blog
From LameHug to s1ngularity, attackers are invoking AI directly in malware payloads.
www.wiz.io
October 9, 2025 at 2:32 PM
Impact: code reached ~10% of cloud envs in 2hrs. Risk highest for crypto apps serving JS. Blocklist bad versions, clear caches, rebuild, scan bundles. Wiz detections live in Threat Center. Learn more: www.wiz.io/blog/widespr...
Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond | Wiz Blog
A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the ~2-hour exposure with Wiz telemetry (~99% package prevalence, ~10% m...
September 9, 2025 at 12:26 PM
📂 Thousands of secrets leaked into attacker-created public GitHub repos.

👉 The repos are gone, but the damage has been done
- Rotate credentials + upgrade immediately.

Full breakdown here: www.wiz.io/blog/s1ngula...
s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know | Wiz Blog
Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently.
August 27, 2025 at 12:11 PM
- Long-term keys are tied to IAM Users (and yes, we've already seen them exposed on GitHub)
- Short-term keys work differently, but both act as bearer tokens, a surprising shift from AWS's usual sigv4 approach

The good news? AWS is now scanning GitHub for exposed Bedrock keys.
August 21, 2025 at 12:52 PM