647 matches found
新たなGitHub Actionのサプライチェーン攻撃: reviewdog/action-setup
tj-actions/changed-files に対するサプライチェーン攻撃により、多くのリポジトリが週末に機密情報を漏えいしました。Wiz Research は、reviewdog/actions-setup@v1 に対する追加のサプライチェーン攻撃を発見しており、これが tj-actions/changed-files の侵害に寄与した可能性があります。...
GitHub Action tj-actions/changed-files supply chain attack: everything you need to know
A supply chain attack on popular GitHub Action tj-actions/changed-files caused many repositories to leak their secrets. Discover how it unfolded and the steps to mitigate the risk...
Key Takeaways from the 2025 State of AI in the Cloud Report
From DeepSeek adoption to impact on security and governance...
Introducing new Slack AI App for Wiz and Bi-Directional Slack Integration
Wiz enhances Slack integration to streamline risk investigation and response and bring security knowledge directly to Slack...
Emily Heath’s 5 Key Questions CISOs Should Ask Before Board Meetings
Experts share a powerful framework and strategies for effective board meeting preparation and communication...
Wiz Named #1 CDR Solution by G2
Wiz was named the leader in the Winter 2025 CDR Grid Report, based on independent customer reviews...
2025 State of Code Security: Key Trends and Risks
Explore the key insights on code and cloud security risks shaping 2025...
Introducing Wiz Lens: Role-based views for every security team
Empowerment and speed for security teams without losing unified cloud context...
The Role of Runtime Security in Cloud Environments
Discover how Wiz's innovative hybrid approach revolutionizes runtime security for the modern cloud era...
The Overlooked Attack Surface: Securing Code Repositories, Pipelines, and Developer Infrastructure
Learn how Wiz for ASPM extends security to developer infrastructure by continuously enforcing secure defaults and detecting threats across the software supply chain...
Dev and Sec: The Perfect Pair <3
Discover how this dynamic duo creates secure, agile environments – and how you can foster their romance in your organization...
Cisco and Wiz Help Customers Modernize Cybersecurity
Enhanced collaboration deepens cloud security capabilities, democratizes security across cloud businesses...
How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132)
Technical details on a critical severity vulnerability CVE-2024-0132 in NVIDIA Container Toolkit and GPU Operator, affecting cloud service providers...
Our Container Security AMA: You asked, Wiz answered
Check out the top comments and responses from our recent containers AMA...
Introducing the Wiz Certified Program: Validate Your Expertise and Showcase Your Mastery!
The Wiz Certified program refines your cloud security skills to help you grow your career and stand out among your industry peers...
The Basics of AWS Infrastructure Security
Discover key strategies to strengthen your AWS security posture, from applying protection at all layers to understanding shared responsibility in the cloud...
Wiz ResearchがDeepSeekの公開データベースを発見、チャット履歴を含む機密情報が流出
DeepSeekが所有する公開アクセス可能なデータベースにより、データベース操作を完全に制御できる状態になっており、内部データへのアクセスも可能でした。この漏えいには、100万行以上のログストリームが含まれており、極めて機密性の高い情報が含まれています。...
Key Performance Indicators for Effective DSPM Implementation
What are the most important KPI’s for a successful DSPM implementation? Let's explore what KPI’s to monitor, why they matter, and how you can take advantage of them for improved security at your org...
Cloud Detection Without Drowning: The Zero-Noise Approach
By adopting the 'Zero Noise' approach—prioritizing attacker-focused detections, continuous feedback loops, and a 'no alert left behind' mentality—security teams can cut through cloud alert noise, enabling swift and precise responses to true threats...
The anatomy of a Toxic Combination of Risk
How to uncover potential threats and eliminate critical risks in your cloud environment...
Securing the Container Frontier: Kubernetes Trends Report 2025
From rapid-fire attack attempts to evolving defense strategies, our Kubernetes Security Report paints a vivid picture of a dynamic landscape. Check out the preview here...
Tracking cloud-fluent threat actors - Part two: Behavioral cloud IOCs
Discover how behavioral cloud IOCs can expose malicious activity as we break down real-world examples to reveal actionable detection techniques...
Wiz Recognized as a 2024 Customers’ Choice in Gartner® Peer Insights report.
Wiz named as a Customers’ Choice for Cloud Native Application Protection Platforms CNAPP...
Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)
The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability, that can lead to privileges escalation in the AWS control plane. Organizations should patch urgently...
Welcoming Our New CFO & President
Fazal Merchant joins our leadership team as we look to what lies ahead...
CVE-2025-0282 and CVE-2025-0283: Critical Ivanti 0days Exploited in the Wild
Detect and mitigate CVE-2025-0282, a critical RCE vulnerability in Ivanti Connect Secure and CVE-2025-0283, exploited as 0day vulnerabilities in the wild. Organizations should patch urgently...
2025 Cloud Security Predictions: Trends to Look Out for
Wizards share some of the cloud security trends to look out for in 2025...
Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405)
Wiz’s engineering team discovered a high-severity signature verification bypass in Nuclei, one of the most popular open-source security tools, which could potentially lead to arbitrary code execution...
Avoiding mistakes with AWS OIDC integration conditions
Let’s explore some common missteps in securing your AWS OIDC...
The many ways to obtain credentials in AWS
Dive into the complexities of AWS IAM credentials and uncover how defenders can stay ahead with in-depth knowledge of SDK behaviors and service-specific mechanisms...
Unpacking Diicot - Evolving Campaign Targeting Linux Environments
Wiz Threat Research uncovered a new malware campaign targeting Linux environments attributed to the Diicot threat group...
Under the Radar: Exploring Spring Boot Actuator Misconfigurations
Wiz Threat Research investigates misconfigurations in Spring Boot Actuator’s endpoints that can leak environment variables, passwords, and API keys, and even lead to remote code execution...
New Developments in LLM Hijacking Activity
Discover the latest in LLM hijacking activity, including a dive into the JINX-2401 campaign targeting AWS environments with IAM privilege escalation tactics...
Top AWS re:Invent Announcements for Security Teams in 2024
AWS re:Invent 2024 brought an avalanche of announcements, with over 500 updates since November. Let's spotlight the most impactful ones for security teams, from Resource Control Policies to centrally managed root access...
A Cloud-First Approach to Vulnerability Remediation: A Holistic Approach
Learn about how Wiz helps organizations operationalize vulnerability remediation with true code-to-cloud visibility...
Wizは日本の新たなテナントの創設をサポートします
当社は、製品サポートとリーダーシップの拡大を通じて、この地域への取り組みを継続します。...
Ultralytics AI Library Hacked via GitHub for Cryptomining
A supply chain attack on Ultralytics exploited GitHub Actions to inject malicious PyPI packages. Discover how it unfolded and the steps to mitigate the risk...
Wiz at Re:Invent 2024
See what’s new with Wiz at Re:Invent 2024 and learn about how Wiz and AWS continue to strengthen their strategic partnership, keeping AWS customers’ environments secure...
Authorized Agility: Wiz adds Code Security in the FedRAMP offering (Wiz for Gov)
Wiz is excited to announce the addition of Wiz Code into our Wiz for Gov offering, enabling organizations to visualize attack paths from cloud-to-code and bring guardrails into the software development lifecycle...
Wiz Defend: Delivering the Promise of Cloud-Native Security Operations
A new approach to detect and respond to cloud-native threats...
Introducing Wizdom Community: A New Era of Cloud Security Collaboration
Discover Wizdom: A vibrant community where cloud security professionals connect, collaborate, and lead the charge toward a safer digital future...
Wiz Defend is Here: Threat detection and response born for the cloud
Empower SecOps teams to stop incidents before they become breaches...
How to use AWS Resource Control Policies
Unlock the Power of AWS Resource Control Policies: Enforce Security and Streamline Governance Across Your Organization...
Wiz collaborates with NVIDIA to advance ML research for data classification
Wiz Research taps Llama 3 model NVIDIA NIM microservices for sensitive data classification...
Deloitte’s Cyber Cloud Managed Services (CCMS) - Enhance cyber posture with AWS and Wiz
Discover how Deloitte’s CCMS, powered by Wiz, enhances AWS cloud security with automated workflows, democratized risk management, and streamlined remediation to protect modern cloud environments...
Wiz observes exploitation in the wild of PAN-OS vulnerabilities
Detect and mitigate CVE-2024-0012 and CVE-2024-9474, PAN-OS vulnerabilities which Wiz Threat Research has observed being exploited in-the-wild. Organizations should patch urgently...
Wiz to acquire Dazz, transforming risk remediation from cloud to code
Together, we'll reinvent ASPM and code-to-cloud remediation...
Wiz Remediation and Response - Now available for Azure and GCP environments
Powerful new remediation and response capabilities enable the real-time enforcement of organizational security policies and streamline incident management...
Introducing The Champion Center: Operationalize and Measure Cloud Security Maturity Across Your Organization
Centralize security insights, scale adoption, and demonstrate measurable cloud security progress with Wiz...
Kubernetes Audit Log “Gotchas”
How to overcome challenges and security gaps when using K8s audit logs for forensics and attack detection...