Tomer Sabag (@0xtomer) 's Twitter Profile
Tomer Sabag

@0xtomer

Head of Product Security @wiz_io, Ex Principal Security Architect @snyksec, @OracleCloud.

ID: 198234030

Joined: 03-10-2010 18:44:43

46 Tweets

298 Followers

1.1K Following

Wiz (@wiz_io) 's Twitter Profile Photo

3 overlooked misconfigurations that expose #cloud environments to CI/CD supply-chain attacks 🌩 🔹 Overprivileged access to container registries 🔹 Forgotten secrets 🔹 Inadequate network controls Attack flows ❌ Solutions ✅ in thread 🧵👇 wiz.io/blog/secret-ba…

Scott Piper (@0xdabbad00) 's Twitter Profile Photo

The Wiz State of the Cloud report is out! Amitai Cohen and I put this together using Wiz's visibility to provide some stats. wiz.io/lp/state-of-th…

Wiz (@wiz_io) 's Twitter Profile Photo

🚨 BREAKING: Wiz just made history! We've raised $300 million in Series D 🦄 With a $10B valuation, we're now the largest #cybersecurity unicorn in the world, and the FASTEST tech company to reach this valuation (in just 3 years!) 🌟 #decacorn

Scott Piper (@0xdabbad00) 's Twitter Profile Photo

😍 This "How to" is introducing a new capability on AWS! This appears to be roughly the equivalent of the benefits of enforcing IMDSv2, but possibly less of the usability pain of the access denieds.

Tomer Sabag (@0xtomer) 's Twitter Profile Photo

Read how a common misconfiguration in Azure allowed the Wiz research team to modify Bing.com search results and take over millions of #office365 accounts! 🤯 Don’t forget to check your environments ✅ Kudos to our amazing research team! 👑 Hillai Ben-Sasson Shir

Tomer Sabag (@0xtomer) 's Twitter Profile Photo

Another great CTF challenge to test your #K8s knowledge by exploiting a real, common misconfiguration. By the amazing wizards Ronen Shustin & Nir Ohfeld! 👑👏 wiz.io/blog/announcin…

Liran Tal (@liran_tal) 's Twitter Profile Photo

Secure Coding can be learned. nodejs-security.com

Shay Berkovich (@sshaybbc) 's Twitter Profile Photo

Hot from the oven for #KubeCon - a new #Kubernetes security tool for red-teamers and cluster operators to test for Lateral Movements and multi-tenancy isolation. Use responsibly😉 at github.com/wiz-sec-public…

Shir (@shirtamari) 's Twitter Profile Photo

We at Wiz have been researching AI service providers and found a concerning pattern that could let attackers access other users' prompts, models, and datasets. Why is this happening? 🧵

Wiz (@wiz_io) 's Twitter Profile Photo

BREAKING: Internal #DeepSeek database publicly exposed 🚨 Wiz Research has discovered "DeepLeak" - a publicly accessible ClickHouse database belonging to DeepSeek, exposing highly sensitive information, including secret keys, plain-text chat messages, backend details, and logs.

Rami McCarthy (@ramimacisabird) 's Twitter Profile Photo

📰 EXTRA EXTRA. New news on GitHub Actions security! We (the wiz research team) have followed up our work on the tj-actions/changed-files incident by discovering an additional compromised Action: reviewdog/action-setup@v1 was malicious for 2 hours on March 11th.

Tomer Sabag (@0xtomer) 's Twitter Profile Photo

Over 40% of internet-facing clusters are vulnerable to this attack; even if the admission controller isn't exposed directly, any SSRF could lead to a full cluster takeover! Kudos to the Wiz research team: Nir Ohfeld, Ronen Shustin, sagitz, and Hillai Ben-Sasson! 👏🏆

Wiz (@wiz_io) 's Twitter Profile Photo

🏆 Can you escape a container & become THE ULTIMATE CLOUD SECURITY CHAMPION? This month's scenario was crafted by sagitz to explore container escape techniques, the same kind of risks we'll be diving into at Black Hat! Challenge #2 👉 cloudsecuritychampionship.com/challenge/2

sagitz (@sagitz_) 's Twitter Profile Photo

Are you up for a challenge? I authored a container security challenge for the Wiz Ultimate Cloud Security Championship 🤩 Put your skills to the test and try it out! 👇 cloudsecuritychampionship.com/challenge/2

Wiz (@wiz_io) 's Twitter Profile Photo

🚨 We caught active exploitation in the wild by tracking unusual IMDS requests. Our research team built a simple hunting method: find processes that don't normally access cloud metadata services, but suddenly started doing it. Works surprisingly well for finding real threats.

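The hunting method described in the tweet above (baseline which processes normally talk to the instance metadata service, then alert on newcomers), written out as an added example. This is not Wiz's tooling or code; it assumes a generic process-to-network telemetry line format (`ts host= proc= pid= dst= dport= path=`) that is invented for the example, and the log lines embedded below are constructed sample data, not captured traffic. The metadata endpoints and credential paths are the documented AWS, Azure and GCP ones.

```python
"""
IMDS-access hunting: flag processes that start talking to the cloud
metadata service without having done so in a baseline window.

Added example, not Wiz's code. The telemetry line format below is an
ASSUMPTION made for this example; map your EDR/eBPF/VPC-flow fields onto
parse() to use it on real data.
"""
import re

# Well-known metadata endpoints. 169.254.169.254 is shared by AWS, Azure,
# GCP and OpenStack; fd00:ec2::254 is AWS's IPv6 endpoint;
# metadata.google.internal is GCP's hostname for the same service.
IMDS_HOSTS = {"169.254.169.254", "fd00:ec2::254", "metadata.google.internal"}

# Paths that hand out usable credentials or tokens: higher severity.
CREDENTIAL_PATHS = (
    "/latest/meta-data/iam/security-credentials",    # AWS instance role creds
    "/latest/api/token",                              # AWS IMDSv2 session token
    "/metadata/identity/oauth2/token",                # Azure managed identity
    "/computeMetadata/v1/instance/service-accounts",  # GCP service account tokens
)

# Assumed telemetry format (hypothetical):
#   <ts> host=<h> proc=<name> pid=<n> dst=<ip|host> dport=<port> path=<url path>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) pid=(?P<pid>\d+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) path=(?P<path>\S*)$"
)


def parse(line):
    """Parse one telemetry line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_imds(ev):
    return ev["dst"] in IMDS_HOSTS


def build_baseline(lines):
    """Process names observed talking to IMDS during the baseline window.

    Keyed on process name fleet-wide so a fresh host running the same
    agent does not alert; see the note on spoofable names below.
    """
    return {ev["proc"] for ev in map(parse, lines) if ev and is_imds(ev)}


def hunt(lines, baseline):
    """Return one finding per IMDS request made by a non-baselined process."""
    findings = []
    for ev in map(parse, lines):
        if not ev or not is_imds(ev) or ev["proc"] in baseline:
            continue
        sev = "high" if ev["path"].startswith(CREDENTIAL_PATHS) else "medium"
        findings.append({"ts": ev["ts"], "host": ev["host"], "proc": ev["proc"],
                         "pid": int(ev["pid"]), "path": ev["path"], "severity": sev})
    return findings


# Constructed sample data (not real telemetry): a quiet baseline day, then a
# day where curl and python3 on web-01 suddenly query IMDS.
BASELINE_LOG = """\
2024-05-01T00:00:01Z host=web-01 proc=amazon-ssm-agent pid=812 dst=169.254.169.254 dport=80 path=/latest/api/token
2024-05-01T00:00:02Z host=web-01 proc=cloud-init pid=401 dst=169.254.169.254 dport=80 path=/latest/meta-data/instance-id
2024-05-01T00:00:03Z host=k8s-node-3 proc=kubelet pid=1203 dst=169.254.169.254 dport=80 path=/latest/meta-data/local-ipv4
2024-05-01T00:00:04Z host=web-01 proc=nginx pid=777 dst=10.0.0.5 dport=5432 path=
"""

HUNT_LOG = """\
2024-05-02T13:10:01Z host=web-01 proc=amazon-ssm-agent pid=812 dst=169.254.169.254 dport=80 path=/latest/api/token
2024-05-02T13:10:05Z host=web-01 proc=curl pid=30411 dst=169.254.169.254 dport=80 path=/latest/meta-data/iam/security-credentials/web-role
2024-05-02T13:10:09Z host=web-01 proc=python3 pid=30420 dst=169.254.169.254 dport=80 path=/latest/meta-data/
2024-05-02T13:10:12Z host=web-01 proc=nginx pid=777 dst=10.0.0.5 dport=5432 path=
2024-05-02T13:11:00Z host=k8s-node-3 proc=kubelet pid=1203 dst=fd00:ec2::254 dport=80 path=/latest/meta-data/hostname
"""


def run_sample():
    """Run the hunt over the constructed sample; returns the findings list."""
    baseline = build_baseline(BASELINE_LOG.splitlines())
    return hunt(HUNT_LOG.splitlines(), baseline)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f['severity']}] {f['ts']} {f['host']} {f['proc']}({f['pid']}) -> {f['path']}")
```

Two caveats when using this on real telemetry. A process-name baseline is spoofable: an attacker can name a binary `amazon-ssm-agent`, so key the baseline on executable path or hash where the sensor provides it. And the credential-path check only sees the URL when the sensor captures HTTP requests; with flow logs alone you still get the "new process talking to 169.254.169.254" signal, which is the part of the method the tweet relies on.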