☁️ Andres Riancho (@andresriancho)'s Twitter Profile

Application and Cloud security expert. Hacker.

ID: 815898728506724353

Link: https://www.andresriancho.com | Date: 02-01-2017 12:33:10

1,1K Tweet

1,1K Followers

110 Following

Guy Goldenberg (@guygoldenberg)

🚨 I’ve identified severe vulnerabilities in two of Anthropic’s Model Context Protocol (MCP) servers. These vulnerabilities could allow attackers to bypass protections, gain unrestricted filesystem access, and even execute arbitrary commands. Full breakdown below 👇

Wiz (@wiz_io)

#IngressNightmare: Wiz Research uncovers a critical vulnerability in Ingress-NGINX 🚨 Wiz Research found a novel attack vector in one of Kubernetes's most fundamental projects, Ingress-NGINX, which is rated CVSS 9.8.

☁️ Andres Riancho (@andresriancho)

Really liked subscan for subdomain bruteforcing. Simple task. Simple tool that just works 👏 erdoganyoksul.com/subscan/user-g… Kudos @eredot_pkfr

☁️ Andres Riancho (@andresriancho)

CVSS10.0 on SAP 🔥 With <sid>adm access, the attacker gains unauthorized access to the underlying SAP Operating System using the user and privileges of the processes running in the SAP Application Server, implying full access to any SAP resource. onapsis.com/blog/active-ex…

Wiz (@wiz_io)

🚨 OH NOOOO! Someone stole the secret recipe of ExfilCola. We need your help tomorrow to get it back. Set your clocks for 9 a.m. ET ⏰ You'll need curiosity, cloud IR skills, and a taste for solving mysteries. 🧠 Do you think you can crack it?

Wiz (@wiz_io)

🔍 IT'S HERE: #ExfilCola, our cloud IR security CTF challenge! 🥤

Your mission:
- Investigate the cloud environment logs
- Research the compromised machines
- Secure the files and save the day

⏰ The Cloud Hunting Games are live >> cloudhuntinggames.com

Wiz (@wiz_io)

🥁🥁🥁 Introducing: WizOS! #WizOS is here, our new set of hardened, near-zero-CVE base images, designed to give developers a secure foundation from the very first layer. Now in private preview for Wiz customers. Learn more: wiz.io/blog/introduci…

Trend Zero Day Initiative (@thezdi)

Marvelous! Benny Isaacs, Nir Brakha, Sagi Tzadik (sagitz) of Wiz Research successfully popped Redis in the AI category. They head off to see if they are the second full win for AI in #Pwn2Own history. #P2OBerlin

Trend Zero Day Initiative (@thezdi)

Double whammy! Nir Ohfeld (Nir Ohfeld) Shir Tamari (Shir) of Wiz Research kick off their Day 3 with an exploit of the NVIDIA Container Toolkit. They weren't confident, but their exploit hit on the first try. Off to the disclosure room with them. #Pwn2Own

Trend Zero Day Initiative (@thezdi)

Pwn2Own Berlin 2025 comes to a close. We awarded $1,078,750 for 28 unique 0-days. Congrats to starlabs for winning Master of Pwn with $320,000. Thanks to offensivecon for hosting, and thanks to all who participated. Can't wait to see you next year! #Pwn2Own #P2OBerlin

☁️ Andres Riancho (@andresriancho)

Just dove deep into runc’s source and my mind is blown by the complexity of it all. Can't believe it works. Can't believe there aren't fifty container escapes per year 🙃

Wiz (@wiz_io)

🔐 Bye-bye, brittle Regex. At BSidesSF, our team shared how we fine-tuned a small language model to fill those gaps, detecting secrets in code with higher accuracy and less noise, while running efficiently on CPUs. Why does this matter? 📖 Learn more >> wiz.io/blog/small-lan…

☁️ Andres Riancho (@andresriancho)

const industryTimeline = { 1995: "Server rendering is fast and simple!", 2005: "AJAX is revolutionary!", 2010: "SPAs are the future!", 2015: "Why is everything so slow and complex?", 2020: "OMG server rendering is amazing! We invented it!" }; #waitwhat