Lucene search
K
WizblogRecent

645 matches found

Wiz blog
Wiz blog
added 2026/04/30 1:21 p.m.7 views

The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2)

When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it...

5.2AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/29 9:0 p.m.8 views

Key Takeaways from the 2026 State of AI in the Cloud Report

How AI Adoption, Autonomy, and Attacker Innovation Are Reshaping Cloud Security...

5.2AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/29 3:14 p.m.9 views

Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware

Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign - Mini Shai Hulud...

5.3AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/29 1:58 p.m.6 views

Wiz Code Week Recap: Securing AI Native Development

Providing Application Security teams with visibility and guardrails to secure agentic software development and the modern software supply chain...

5.2AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/29 12:0 p.m.7 views

Modern Defensible Architecture: Resilience for the Australian Federal Government

How Wiz enables Australian government agencies to operationalise MDA with real-time context, zero trust enforcement, and end-to-end cloud visibility...

5.2AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/28 3:30 p.m.5 views

Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)

Details on CVE-2026-3854: A critical flaw in GitHub’s internal git infrastructure enabling RCE on GitHub.com and GitHub Enterprise Server...

8.8CVSS5.2AI score0.24462EPSS
Exploits5
Wiz blog
Wiz blog
added 2026/04/27 10:33 a.m.8 views

NIST NVD Update: What it Means For Vulnerability Management

The shift from static CVE scoring to risk-based prioritization signals a new era for Vulnerability Managers...

5.2AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/22 12:0 p.m.7 views

Wiz at Google Next: Machine-Speed Defense for Any Cloud, Any Platform, Any AI

Announcing new capabilities at Google Cloud Next that extend and deepen Wiz AI-APP coverage: From the first line of AI-generated code, across AI and agent studios, to the edge of the cloud...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/21 12:57 p.m.10 views

Closing the Security Gap in the Age of Agentic Coding

AI agents are writing more and more code. Ensure it's secure. Learn how Wiz Code plugins and the Green Agent bring machine-speed remediation to your AI-IDE...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/21 12:0 p.m.7 views

Mapping Your API Ecosystem: Wiz Expands API Discovery with Apigee

See your full Apigee architecture on the Wiz Security Graph, from API gateways and environments to every endpoint and its authorization scheme...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/20 6:20 p.m.6 views

Context.ai OAuth Token Compromise

Compromised Context.ai OAuth tokens enabled attackers to perform a supply chain attack via trusted SaaS integrations. Learn how to assess the risk in your environment and how to prevent the next attack...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/20 12:0 p.m.9 views

Wiz and Databricks: Adding Databricks to the Wiz Security Graph

Extending Wiz Visibility with the Databricks Data & AI Platform...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/20 12:0 p.m.6 views

From Code to Pipeline: Wiz Code Now Secures Your Build Environment

Threat actors have moved upstream, and while security teams have focused on the code developers write, the systems that build and deliver that code have remained a blind spot...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/17 3:0 p.m.9 views

IaC Inventory: A Unified View Across Code, Deployments, and Cloud

As AI applications introduce a new class of infrastructure resources, visibility into what your IaC creates, where it runs, and whether it has drifted has never been more critical...

5.7AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/16 1:0 p.m.9 views

Securing AI Applications From Inception to Deployment

Extending the Wiz AI APP into the code layer to detect AI-specific risks at inception, validate exploitability at runtime, and orchestrate remediation with agents that understand your codebase...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/15 1:19 p.m.18 views

How to Harden GitHub Actions: An Updated Guide

Build resilient GitHub Actions workflows with lessons from recent attacks like TeamPCP and Axios...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/14 1:0 p.m.10 views

Securing the AI Edge: Wiz and Cloudflare Integrate for End-to-End AI Protection

Gain a unified view of AI application endpoints and DNS exposure across your environment, including which are protected by Cloudflare and which need to be secured...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/14 12:0 p.m.4 views

Introducing Shadow Data Detection: Reduce Cost and Risk Across Your Cloud

Identify stale, duplicated, and inefficient data — and take action to shrink both your storage spend and exposure surface...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/14 11:33 a.m.9 views

Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2)

Understanding and defending your GitHub Actions - from threat model to security controls...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/10 3:25 p.m.16 views

Claude Mythos: Preparing for a World Where AI Finds and Exploits Vulnerabilities Faster Than Ever

Anthropic's new model can autonomously discover zero-days and develop working exploits. While access is currently limited to responsible actors, now is the time to strengthen response playbooks, reduce exposure, and incorporate AI into security programs...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/09 1:0 p.m.22 views

Cloud Threats Retrospective 2026: What AI Changed (and What It Didn’t)

Insights from public incidents, cloud telemetry, and investigations into how cloud risk evolved in 2025...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/09 12:0 p.m.5 views

Bringing Security Visibility to Vercel with Wiz

Giving developers and security teams a shared view of application risk as it evolves...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/04/04 9:36 a.m.4 views

Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign

After hackerbot-claw, another AI-powered campaign exploiting pullrequesttarget confirms the threat is here to stay. We trace the attacker back to three weeks before anyone noticed...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/31 8:26 a.m.5 views

Axios NPM Distribution Compromised in Supply Chain Attack

A compromised axios maintainer account led to malicious npm releases that propagated across environments. Learn how to assess impact, detect compromise, and secure your development workflows...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/30 11:54 p.m.8 views

Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild

How TeamPCP are leveraging stolen secrets from the recent supply chain attacks to compromise cloud environments...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/30 1:16 p.m.25 views

The Wiz Blue Agent, now Generally Available

Accelerate your SecOps team with the Blue Agent for threat investigation, now Generally Available...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/27 1:38 p.m.8 views

Beyond the Badge: What Achieving Microsoft’s Certified Software Designation Means for Your Cloud Security

Verified by Microsoft. Built for Azure. Secured by Wiz...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/26 1:0 p.m.22 views

Introducing the Green Agent: AI-Powered Remediation for the Cloud

Accelerate your path to Zero Criticals with AI that investigates, assigns, and guides cloud remediation for you...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/25 5:17 p.m.9 views

Introducing Wiz Workflows: Your path to building a self healing cloud

Orchestrate customizable workflows with agents, enabling end-to-end discovery and response in Wiz...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/24 6:40 p.m.9 views

Three’s a Crowd: TeamPCP trojanizes LiteLLM in Continuation of Campaign

LiteLLM is the latest victim of TeamPCP’s open-source attack spree. Malicious versions 1.82.7 and 1.82.8 abuse Python’s .pth mechanism for stealthy persistence. The malware exfiltrates cloud credentials, CI/CD secrets, and keys to attacker-controlled domains...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/23 5:38 p.m.11 views

KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack

Checkmarx KICS scanner is the latest victim of a credential-stealing supply chain attack by TeamPCP. Between 12:58–16:50 UTC on March 23, 35 tags were hijacked. Learn how to audit your workflows, identify malicious activity, and secure your GitHub Actions...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/23 4:46 p.m.31 views

Introducing the Wiz Red Agent- AI-Powered Attacker

Red Agent is an AI-powered, context-aware attacker that uncovers complex exploitable risks across your entire attack surface, continuously and at scale...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/23 12:0 p.m.8 views

Introducing Wiz Agents & Workflows: Security at the Speed of AI

A new security operating model powered by AI agents that removes bottlenecks and enables teams to act at the speed of AI...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/23 12:0 p.m.4 views

Introducing Wiz AI Application Protection Platform (AI-APP)

Secure every layer of AI applications — infrastructure, data, access, models, agents, and applications — from code to runtime, across every environment you build in...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/20 8:37 p.m.5 views

AI Runtime Threat Detection: From Input to Real-World Impact

Understanding and detecting AI-driven behavior across model, workload, and cloud...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/20 3:18 p.m.8 views

Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack

On March 19, 2026, threat actors injected credential-stealing malware into Aqua Security’s Trivy scanner and related GitHub Actions. Learn how "TeamPCP" executed this breach and how to audit your environment...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/13 1:0 p.m.7 views

Twenty Years of Cloud Security Research

This post will look at the past 20 years of cloud security research, separating the two decades into eras with important milestones defined that resulted in the change of one era to the next...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/11 12:41 p.m.4 views

C'est officiel : Wiz rejoint Google

Bienvenue dans une nouvelle ère de la sécurité du cloud et de l'IA...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/11 12:7 a.m.3 views

Understanding and Reducing AI Risk in Modern Applications

Identify real AI risk by connecting signals in context across the layers of AI applications...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/06 1:0 p.m.20 views

Introducing Wiz Tenant Manager: Multi-Tenant Management for Federated Organizations

Experience full Wiz security with zero friction, managing multiple tenants in a single console...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/06 12:0 p.m.3 views

The Agile FedRAMP Playbook, Part 4: Reactive Risk Management through Enriched Incident Response

In the final part of our series, we explore Reactive Risk Management. Discover how Wiz for U.S. Government transforms cloud detection and response to help satisfy FedRAMP Rev 5 IR controls and FedRAMP 20x detection benchmarks...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/03 8:46 p.m.6 views

Wiz Achieves CPSTIC Certification in Spain

Strengthening secure cloud modernization for Spain’s public sector through CPSTIC certification...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/03 3:33 a.m.6 views

Seeing AI Clearly: Building Visibility Across Modern AI Applications

AI applications span models, agents, and cloud environments in ways traditional security tools weren’t designed to understand. Here’s why visibility breaks — and how a new, implementation-agnostic approach helps teams safely adopt AI...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/02/27 3:33 p.m.3 views

The Agile FedRAMP Playbook, Part 3: Preventative Risk Management by building Secure by Design

In the third part of our series, we explore Preventative Risk Management. We discuss how shifting security into the development lifecycle helps organizations meet FedRAMP requirements...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/02/24 5:15 p.m.6 views

Security Insights Where Work Happens: Notion Custom Agents + Wiz MCP

Bring Wiz cloud security insights into your Notion workspace with Custom Agents — enabling automated reporting, investigation, and security workflows where teams already work...

5.3AI score
Exploits0
Wiz blog
Wiz blog
added 2026/02/23 7:6 p.m.5 views

Wiz Leads the 2026 Latio Application Security Report with awards in 4 categories

Wiz has been recognized in the 2026 Latio Application Security Report. Wiz was spotlighted and awarded four distinct badges, reflecting our continuous commitment to protecting applications all the way from code to runtime...

5.4AI score
Exploits0
Wiz blog
Wiz blog
added 2026/02/20 5:28 p.m.6 views

Building an Agentic Cloud Security Ecosystem: A Reference Architecture with Wiz MCP and Infosys Cyber Next

Coordinated Multi-Agent Investigation and Remediation...

5.4AI score
Exploits0
Wiz blog
Wiz blog
added 2026/02/20 11:51 a.m.6 views

The Agile FedRAMP Playbook, Part 2: Proactive Risk Management with Continuous Monitoring

In the second part of our series, we dive into Proactive Risk Management. Discover how Wiz for U.S. Government automates visibility and prioritizes risk remediation to meet FedRAMP continuous monitoring requirements without slowing down innovation...

5.5AI score
Exploits0
Wiz blog
Wiz blog
added 2026/02/18 7:9 p.m.6 views

Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs

How Wiz Research automates detection of emerging malicious Azure app and consent phishing campaigns...

5.4AI score
Exploits0
Wiz blog
Wiz blog
added 2026/02/17 4:45 p.m.32 views

Wiz Named a Leader in The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026

Forrester’s CNAPP evaluation rated Wiz with the highest Current Offering category score, which we believe reflects our commitment to protecting everything built and run in the cloud...

5.5AI score
Exploits0
Total number of security vulnerabilities645