Lucene search
K
WizblogMost viewed

645 matches found

Wiz blog
Wiz blog
added 2025/05/14 2:59 p.m.352 views

Introducing WizOS: Securing Wiz from the ground up with hardened, near-zero-CVE container base images.

WizOS is now available in private preview for Wiz customers. It’s a key part of how we help teams start secure and stay secure with hardened, minimal container images...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/05 6:51 p.m.158 views

Wiz at re:Invent 2022 (event recap)

Get all the news from Las Vegas and learn about how Wiz and AWS continue to strengthen a strategic relationship to secure customers’ AWS environments...

6.8AI score
Exploits0
Wiz blog
Wiz blog
added 2023/07/27 7:33 p.m.152 views

GameOver(lay): Easy-to-exploit local privilege escalation vulnerabilities in Ubuntu Linux affect 40% of Ubuntu cloud workloads

Wiz Research discovered CVE-2023-2640 and CVE-2023-32629, two easy-to-exploit privilege escalation vulnerabilities in the OverlayFS module in Ubuntu affecting 40% of Ubuntu cloud workloads...

7.8CVSS6.9AI score0.15783EPSS
Exploits14
Wiz blog
Wiz blog
added 2023/06/04 6:20 p.m.139 views

CVE-2023-34362 RCE vulnerability in MOVEit Transfer exploited in the wild: everything you need to know

Detect and mitigate CVE-2023-34362, a remote code execution vulnerability in MOVEit Transfer exploited in the wild. Organizations should patch urgently...

9.8CVSS7.9AI score0.99934EPSS
Exploits15
Wiz blog
Wiz blog
added 2024/02/05 5:28 p.m.135 views

Leaky Vessels: runC and BuildKit container escape vulnerabilities - everything you need to know

Detect and mitigate “Leaky Vessels”, container escape vulnerabilities affecting runC and BuildKit. Learn how to prioritize patching and detect exploitation attempts in runtime...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2025/08/06 12:30 p.m.125 views

Introducing Wiz for Exposure Management: Unify, Prioritize, and Remediate Exposures Everywhere

Stop chasing CVEs with new UVM and Sensor Workload Scanner capabilities. Remove silos to effectively prioritize and reduce exposures across cloud, code, and on-prem...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2024/03/29 10:2 p.m.119 views

Backdoor in XZ Utils allows RCE: everything you need to know

Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgently...

10CVSS7AI score0.85974EPSS
Exploits40
Wiz blog
Wiz blog
added 2022/12/22 6:10 p.m.118 views

OWASSRF, a new exploit for Exchange vulnerabilities, exploited in the wild: everything you need to know

A new exploit method targeting CVE-2022-41080 and CVE-2022-41082 vulnerabilities in Exchange servers, which can bypass previous workarounds, has been discovered and exploited in the wild. Organizations should patch urgently...

9.8CVSS7.1AI score0.99964EPSS
Exploits11
Wiz blog
Wiz blog
added 2024/06/24 1:9 p.m.101 views

Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations

Wiz Research discovered CVE-2024-37032, an easy-to-exploit Remote Code Execution vulnerability in the open-source AI Infrastructure project Ollama...

8.8CVSS8AI score0.89633EPSS
Exploits4
Wiz blog
Wiz blog
added 2025/04/21 5:39 p.m.96 views

Introducing the MCP Server for Wiz: Smarter AI Context, Stronger Cloud Security

Unified model context, real-time security answers, and a faster path to remediation...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/21 6:7 p.m.88 views

Automatically discover and secure your APIs with Wiz Dynamic Scanner

Wiz enhances its Dynamic Scanner to detect publicly exposed, unauthenticated APIs...

7.1AI score
Exploits0
Wiz blog
Wiz blog
added 2024/02/12 1:53 p.m.80 views

February Fortinet Advisory: everything you need to know

Fortinet offers guidance to detect and mitigate CVE-2024-21762 and CVE-2024-23113, critical RCE vulnerabilities in FortiOS and FortiProxy, including guidance that organizations should patch urgently...

9.8CVSS9.7AI score0.83428EPSS
Exploits12
Wiz blog
Wiz blog
added 2023/10/11 4:56 p.m.74 views

CVE-2023-38545 high severity vulnerability in cURL: everything you need to know

Detect and mitigate CVE-2023-38545, a high severity buffer overflow vulnerability in cURL. Organizations should upgrade to the patched version...

9.8CVSS7.2AI score0.78483EPSS
Exploits6
Wiz blog
Wiz blog
added 2024/05/14 3:30 p.m.73 views

Unveiling the power of Wiz's Security Graph with automated blast radius and root cause analysis for cloud incident response

Wiz assists Incident Response IR and SOC teams with containment through automated assessment of security incidents by identifying possible root causes and calculating the potential blast radius of compromised resources...

7.4AI score
Exploits0
Wiz blog
Wiz blog
added 2024/04/24 4:15 p.m.73 views

CVE-2024-4040 exploited in the wild: everything you need to know

Detect and mitigate CVE-2024-4040, a critical vulnerability in CrushFTP exploited in the wild. Organizations should patch urgently...

10CVSS7.2AI score0.99539EPSS
Exploits22
Wiz blog
Wiz blog
added 2023/04/13 7:20 p.m.73 views

Microsoft April 2023 Patch Tuesday Highlights: everything you need to know

Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/04/01 5:0 a.m.70 views

Addressing the Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments

Learn how to address Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments...

9.8CVSS7AI score0.99939EPSS
Exploits36
Wiz blog
Wiz blog
added 2023/11/01 3:29 p.m.67 views

Announcing the EKS Cluster Games

Test your investigation skills and K8s knowledge in a new Wiz-sponsored CTF event: the EKS Cluster Games!...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2024/07/24 2:50 p.m.65 views

Introducing the Prompt Airlines CTF: Test Your AI Security Skills

Wiz is excited to announce "Prompt Airlines," a new cloud security Capture The Flag CTF event focused on AI vulnerabilities...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2024/07/01 1:49 p.m.65 views

RCE vulnerability in OpenSSH: everything you need to know

Detect and mitigate CVE-2024-6387, a remote code execution vulnerability in OpenSSH. Organizations are advised to patch urgently...

8.1CVSS8.3AI score0.99506EPSS
Exploits68
Wiz blog
Wiz blog
added 2025/01/29 8:47 p.m.61 views

Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History

A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information...

6AI score
Exploits0
Wiz blog
Wiz blog
added 2025/05/06 12:43 p.m.60 views

Introducing The Cloud Hunting Games CTF: Test Your Cloud Incident Response Skills

Wiz is excited to announce “The Cloud Hunting Games”, a new hands-on Capture the Flag CTF challenge designed to test your cloud incident response skills...

7.1AI score
Exploits0
Wiz blog
Wiz blog
added 2024/01/23 5:23 p.m.60 views

Wiz ❤️ HashiCorp: Wiz’s new integration with Terraform Run Tasks helps customers slash risks and boost developer productivity

Mutual Wiz and HashiCorp customers can leverage this integration to scan their IaC configuration and enforce security best practices to reduce risk...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2022/07/27 5:45 a.m.60 views

Wiz CDR and Amazon GuardDuty: Contextualize and prioritize threat detection

Wiz leverages its leading Cloud Security Graph to help Cloud Defenders quickly understand, with the click of a button— what happened, where it happened, and how to respond...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/14 4:30 p.m.58 views

Wiz Recognized as a 2024 Customers’ Choice in Gartner® Peer Insights report.

Wiz named as a Customers’ Choice for Cloud Native Application Protection Platforms CNAPP...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2024/02/06 4:6 p.m.58 views

Critical Vulnerabilities in Ivanti Exploited in-the-Wild: everything you need to know

Detect and mitigate CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893, critical vulnerabilities in Ivanti VPN products. Organizations should patch urgently, and government agencies are instructed to isolate Ivanti VPN instances...

9.1CVSS7.4AI score0.99999EPSS
Exploits26
Wiz blog
Wiz blog
added 2022/10/29 4:11 a.m.56 views

OpenSSL vulnerabilities: Everything you need to know

On November 1st, 2022, the OpenSSL Project disclosed High severity vulnerabilities CVE-2022-3786 and CVE-2022-3602, affecting deployments of OpenSSL 3.0.0–3.0.6. Learn how to effectively manage your organization's patching efforts...

7.5CVSS7AI score0.92488EPSS
Exploits6
Wiz blog
Wiz blog
added 2023/03/13 12:39 p.m.55 views

CVE-2023-25610 a critical RCE vulnerability in FortiOS: everything you need to know

CVE-2023-25610 is a critical RCE vulnerability in FortiOS. This vulnerability is a buffer underwrite bug in the administrative interface which could allow a remote unauthenticated attacker to execute code using specially crafted requests. Affected customers should patch immediately...

9.8CVSS7.7AI score0.17797EPSS
Exploits1
Wiz blog
Wiz blog
added 2025/05/02 11:0 a.m.53 views

Federal Data, Meet your New Bodyguard: DSPM joins Wiz for Government

Wiz is excited to bring Data Security Posture Management DSPM into our FedRAMP authorized offering. DSPM enables organizations requiring FedRAMP to automate classification, policy enforcement, and continuous monitoring for their sensitive cloud data...

7.1AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/16 4:54 p.m.52 views

Wiz enhances dynamic scanner to analyze and validate external exposure

Wiz extends its cloud analysis with an external scanner, giving customers an attacker's view of their externally exposed resources to reduce noise...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2024/06/10 5:8 p.m.50 views

Critical RCE vulnerability in PHP CGI: everything you need to know

Detect and mitigate CVE-2024-4577, a critical remote code execution vulnerability in PHP CGI. Organizations are advised to patch urgently...

9.8CVSS9.7AI score0.99987EPSS
Exploits64
Wiz blog
Wiz blog
added 2024/04/04 3:55 p.m.50 views

Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations

Wiz researchers discovered architecture risks that may compromise AI-as-a-Service providers and put customer data at risk. Wiz and Hugging Face worked together to mitigate the issue...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2023/07/26 7:35 p.m.48 views

Zenbleed: cross-process infoleak vulnerability in AMD Zen 2 Processors - everything you need to know

Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors...

5.5CVSS6.7AI score0.05794EPSS
Exploits1
Wiz blog
Wiz blog
added 2025/11/03 1:36 p.m.47 views

Introducing Wiz ASM: Context-Driven Attack Surface Management

Wiz launches Attack Surface Scanner to bring context, ownership, and prioritization to every exposure, anywhere...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/03 3:0 p.m.46 views

Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405)

Wiz’s engineering team discovered a high-severity signature verification bypass in Nuclei, one of the most popular open-source security tools, which could potentially lead to arbitrary code execution...

7.8CVSS7.6AI score0.01118EPSS
Exploits0
Wiz blog
Wiz blog
added 2024/03/11 2:6 p.m.45 views

Announcing the K8s LAN Party Challenge

Test your investigation skills and K8s network knowledge in a new CTF event: the K8s LAN Party Challenge!...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2023/10/02 1:53 p.m.43 views

Critical and high severity Exim vulnerabilities: everything you need to know

Detect and mitigate CVE-2023-42115, and 5 more vulnerabilities in Exim. Organizations using affected configurations should mitigate and patch the vulnerabilities urgently...

9.8CVSS7AI score0.10042EPSS
Exploits5
Wiz blog
Wiz blog
added 2023/02/07 12:26 p.m.42 views

Ransomware attacks targeting VMware ESXi servers: everything you need to know

Recent attacks leverage CVE-2021-21974 to install ransomware on VMWare ESXi servers. Security teams are advised to patch and stay vigilant for indicators of compromise...

8.8CVSS6.9AI score0.45063EPSS
Exploits7
Wiz blog
Wiz blog
added 2025/03/31 3:13 p.m.41 views

CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims

Cloud environments at risk: Attackers target weak PostgreSQL instances with fileless cryptominer payloads...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2023/03/15 7:31 p.m.41 views

Shift left with Wiz Guardrails: New Wiz Admission Controller capabilities enable security policy checks at deployment time

Wiz CLI and Wiz Admission Controller enable developers to leverage a single security policy throughout the software pipeline for cloud-native environments...

6.8AI score
Exploits0
Wiz blog
Wiz blog
added 2023/11/08 4:37 p.m.39 views

Key takeaways from the Wiz 2023 Kubernetes Security Report

Today, Wiz published its 2023 Kubernetes Security Report. Here are some key takeaways...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2025/06/17 4:0 p.m.38 views

Wiz and AWS Security Hub Enhance Cloud Risk Prioritization

Wiz joins as a launch partner for AWS Security Hub to help customers act faster on prioritized security findings...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2025/04/22 4:1 p.m.37 views

Wiz Data Foundations: Where’s My Sensitive Data—And Who Can Access It?

A hands-on walkthrough of how to use Wiz to find sensitive data and uncover who can access it...

7.1AI score
Exploits0
Wiz blog
Wiz blog
added 2025/02/12 11:29 a.m.37 views

Cisco and Wiz Help Customers Modernize Cybersecurity

Enhanced collaboration deepens cloud security capabilities, democratizes security across cloud businesses...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2024/10/10 5:45 p.m.37 views

Critical vulnerabilities in Palo Alto Expedition: everything you need to know

Detect and mitigate critical vulnerabilities CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467 in Palo Alto Networks’ Expedition tool. Organizations should patch urgently...

9.9CVSS7.1AI score0.99597EPSS
Exploits9
Wiz blog
Wiz blog
added 2023/09/12 2:55 p.m.37 views

Wiz enhances real-time threat detection and response capabilities to stop threats from becoming incidents

The Wiz Runtime Sensor for Kubernetes graduates to general availability with proven ability to detect cloud attacks, greater customization for detections, and new cloud-native response capabilities...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2023/07/05 1:34 p.m.37 views

Linux rootkits explained – Part 1: Dynamic linker hijacking

Dynamic linker hijacking via LDPRELOAD is a Linux rootkit technique utilized by different threat actors in the wild. In part one of this series on Linux rootkits, we discuss this threat and explain how to detect it...

6.8AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/13 9:3 p.m.37 views

CVE-2022-27518 exploited in the wild by APT5: everything you need to know

Detect and mitigate CVE-2022-27518, a Citrix ADC and Gateway unauthenticated RCE 0-day exploited in the wild by a nation state actor. Organizations should patch urgently...

9.8CVSS7AI score0.06931EPSS
Exploits1
Wiz blog
Wiz blog
added 2025/07/29 2:0 p.m.36 views

Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications

New discovery underscores security implications of AI-powered development and the rise of Vibe Coding Platforms...

7.4AI score
Exploits0
Wiz blog
Wiz blog
added 2024/07/17 5:45 p.m.36 views

SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts

Wiz Research uncovers vulnerabilities in SAP AI Core, allowing malicious actors to take over the service and access customer data...

7.3AI score
Exploits0
Total number of security vulnerabilities645