New CTF challenge ($20,000 IN PRIZES) 💥 We're running "Operation Cloudfall" - a live CTF during BlackHat & zeroday.cloud on December 10-11. Get your free pass to the event today: zeroday.cloud/operation-cloudfall See you in London 🇬🇧

🕹️ Meet Path-Man: Your new favorite game. 👾👾👾 Our 1-minute Wiz ASM game has arrived! 🤔 Here's the challenge: Navigate the attack surface to reach exploitable risk before the attackers get you. Think you've got the skills? wiz.io/path-man

🎃 Something spooky's brewing in the cloud... Introducing a new CTF challenge - "Game of Pods" 🕸️ 💀 Written by top Azure researcher & worth 30 points, it's our BIGGEST challenge yet! Get your skills ready for zeroday.cloud: cloudsecuritychampionship.com

Need a partner to finish that exploit chain for ZERODAY.CLOUD? We just launched our Research Collaboration Center at zeroday.cloud/collab to connect researchers, combine skills, and meet the deadline. 🤝 The clock is ticking... ⏱️

Our biggest reminder yet. ZERODAY.CLOUD. A first-of-its-kind, open-source cloud hacking competition. Find vulnerabilities in the critical open-source software that powers the cloud, and compete for your share of a $4.5M prize pool. ➡️ www.zeroday.cloud

🎁 We're giving away 2,000 SHIFT LEFT keyboards ↓ Want one on your desk? Fill out the form >> redeem.reachdesk.com/lp/wiz/shift... That's it! The keyboard is on its way 📦 Why are we doing this? 👀 A secret game is coming… and the whole world is invited.

🚨 Wiz Research uncovered 100+ leaked VSCode publisher tokens that could let attackers push malicious updates to 185K+ installs. We partnered with Microsoft to secure tokens and protect the ecosystem.

🤖 We're witnessing something unprecedented with AI agents: Malware that literally prompts ChatGPT, Claude, and other LLMs to write its own attack code. Live. On victim machines.

Introducing ZERODAY.CLOUD🕵️‍♀️ Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝 WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆 Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud

@fortune.com JUST DROPPED A FEATURE ON Wiz 🔥 If you've been following the Wiz story, this one's for you. HUGE shoutout to everyone who made this story worth telling. You helped build something Fortune couldn't ignore 💙 fortune.com/article/wiz-...

🚨 #Shai-Hulud: Major npm supply chain attack. 100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm. Guidance + detections inside www.wiz.io/blog/shai-hu...

🚨 Major npm hijack: Attackers took over Qix's account (chalk, debug & more). Malicious versions briefly hit npm, injecting browser code to hijack crypto transactions. DuckDB ecosystem is also affected.

Meet WizOS 💥 Public Preview! Secure, minimal container images with near-zero CVEs. Less patching, more speed, swap images right in your CI/CD & IDEs. www.wiz.io/blog/wizos-t...

🚨 One leaked #AWS key fueled a global phishing campaign. Wiz traced the attack, stopped it with Defend alerts, and added protections so one key never opens every door. Full story 👉 www.wiz.io/blog/wiz-dis...

🚨 Your Cloud DFIR Desk Mat is here! A first-ever poster mapping MITRE ATT&CK to key AWS, Azure & GCP log sources and API events. 📥 Get your copy: threats.wiz.io/cloud-dfir-p...

🚨 New CTF: Azure APT 🏆 Step into the shoes of an attacker targeting Azure. Use a malicious OAuth app, bypass restrictions, and capture the flag. Can you solve all 12 CTF's and WIN our belt? Test your skills with this month's CTF by Lior Sonntag 👉 www.cloudsecuritychampionship.com/challenge/3

🚨 hashtag#s1ngularity: a supply chain attack hiding in the Nx npm package Malicious versions stole hashtag#GitHub tokens, SSH keys, wallets, and secrets, even hijacking AI CLI tools to help exfiltrate data.

🚨 New keys just dropped… and they're already leaking. #AWS introduced Bedrock API keys, both long-term and short-term. On the surface, they look like just another way to authenticate. But here's the twist ⬇️

🤖 AI agents are everywhere now. So we put together a practical security guide that actually maps out what's happening in the wild. 👇 No fluff. Just the stuff security teams need to know. Save this cheat sheet 💾

🤖 AI agents are everywhere now. So we put together a practical security guide that actually maps out what's happening in the wild. 👇 No fluff. Just the stuff security teams need to know. Save this cheat sheet 💾

Introducing Wizmojis.com >> Our cloud security emojis for your Slack & WhatsApp that finally get YOU. 💬 Some favorites: * blame-the-intern * cve-part * phishing-season ⬇️ Comment below — What emoji do you need on Slack? The best ideas might just make it into the next pack of Wizmojis.

You're officially invited to the BIGGEST WIZ EVENT of the year... WIZDOM! We're going all in: Wizdom is your exclusive, in-person pass to the people & ideas shaping the future of cloud security ⬇︎ 📍 New York City, Nov 3-5 📍 London, Nov 17-19 Your calendar won't block itself. www.wiz.io/wizdom

Introducing... 🥁 Say hello to Wiz for Exposure Management! 🥳 Wiz for Exposure Management is a NEW way to unify, prioritize, and fix exposures everywhere it lives: in your cloud, code, and on-prem infrastructure. Learn more: www.wiz.io/blog/wiz-for...

🚨 Wiz Research found a vulnerability chain in NVIDIA's open-source Triton Inference Server What started as a small error message turned into something big: A path to full remote code execution, no creds, no user interaction.

🏆 Can you escape a container & become THE ULTIMATE CLOUD SECURITY CHAMPION? This month's scenario was crafted by Sagi Tzadik to explore container escape techniques, the same kinds of risks we'll be diving into at #BlackHat next week! Challenge #2 👉 cloudsecuritychampionship.com/challenge/2

🚨 We found a critical vulnerability in the popular Vibe Coding Platform Base44: No password. No invite. Full access.

🚨 TraderTraitor: North Korea's cyber "traitor" inside the crypto world. This hacking crew hijacks dev workflows, poisons open-source, and compromises cloud environments — all to steal billions in crypto. Here's how they do it 🧵 www.wiz.io/blog/north-k...

🚨 New research: A cryptomining campaign is hijacking exposed PostgreSQL, hiding payloads in fake 404 pages, and abusing legit infra. Multiplatform, stealthy, and still active 👉 www.wiz.io/blog/soco404...

What do CISOs talk about over a cocktail? EVERYTHING.🍸 Ryan sits down for a real talk with Andrew from WestCap. And trust us, the conversation is just as strong as the tequila. You've never seen CISOs like this... Watch now🍹 >> www.youtube.com/watch?v=QRrt...

🚨 #NVIDIAscape: Your AI workloads might not be as safe as you think... Wiz Research uncovered a 3-line container escape vulnerability in the NVIDIA Container Toolkit That means root access to your models, data, and infra. Full blog 👉 www.wiz.io/blog/nvidia-...

🚨 NEW RESEARCH: #NVIDIAscape AI vulnerability uncovered! Wiz Research discovered a critical vulnerability (CVE-2025-23266) in the NVIDIA Container Toolkit, the glue connecting containers to GPUs across major cloud providers.

💡 Eden hosts Nichole Dove, @sherrod.bsky.social & @alonsch.bsky.social. Cloud chaos, career confessions & the future of cybersecurity. This one hits different. Listen now: 🍏 open.spotify.com/episode/6vGW... 🎧 podcasts.apple.com/us/podcast/l... 📺 www.youtube.com/watch?v=7Kwi...

WOOHOO! We are #1 in over 130 reports on #G2 this summer!☀️🍉 Huge G2 moment, and it's all thanks to you 💙 THANK YOU to our amazing Wizards and customers for your continued trust, feedback, and partnership. 🪄 www.wiz.io/lp/g2-grid-r...

Synthesized 20+ sources and internal @wizsecurity.bsky.social expertise to come out with a comprehensive guide to MCP security Today's options, and tomorrow's possibilities www.wiz.io/blog/mcp-sec...

In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for @wizsecurity.bsky.social Covers permissions, secrets, 3rd-party Actions, ++ Use it to avoid learning these lessons the hard way: www.wiz.io/blog/github-...

I had a lot of fun making this challenge. I wanted to do a cloud security challenge where the cloud infrastructure is secure (IMDSv2, data perimeters), but something still allows it to be hackable and you need to know some advanced AWS security tricks to abuse it. 🤫 Try it out!

🚨 New vulnerabilities in #NetScaler (incl. a 0-day) are now exploited in the wild. 2 enable admin access via session theft. 3.5% of clouds exposed. POCs out. Patch now. 🔍 Full breakdown → www.wiz.io/blog/critica...

🚨 Wiz spotted a JDWP RCE attack deploying a stealthy cryptominer within hours. Custom XMRig, no CLI flags, deep persistence. Debug mode ≠ safe mode. Read the full breakdown 👉 www.wiz.io/blog/exposed...

10k+ players have already joined the Ultimate Cloud Security Championship, and we're just getting started. 💥 🌍 Participants from 20+ countries 🔓 200+ have solved Challenge #1 by @scottpiper.bsky.social 🏆 Only the top make it to the leaderboard Claim your spot → www.cloudsecuritychampionship.com

🚨THE ULTIMATE CLOUD SECURITY CHAMPIONSHIP begins today! 🥊 12 monthly challenges. 12 top researchers. One leaderboard. Challenge #1 is LIVE now, created by @scottpiper.bsky.social. Solve challenges & climb the leaderboard 🏆 Think you've got what it takes? → cloudsecuritychampionship.com

📣 Just dropped: Wiz Service Catalog! 🛠️ A new way to organize cloud risk by the services your teams own. Reduce noise, align development and security, and remediate faster. Now in public preview 👉 www.wiz.io/blog/wiz-ser...

🚨 We scanned GitHub and found *hundreds* of valid secrets, 4 of the top 5 were AI-related: HuggingFace, Azure OpenAI, Weights & Biases, and Groq. Read more: www.wiz.io/blog/leaking...

🎊 BIG MILESTONE 🎊 50% of Wiz customers have joined the Zero Critical Club, reaching 0 critical issues in the cloud. We're celebrating every customer that made this happen - and setting the bar for what's next in cloud security. www.wiz.io/blog/celebra...

🚨 REMINDER: The Wiz Vulnerability Database is live, and already used by 30,000+ cloud security pros. Here's what's new >> - 138,000+ CVEs in the database - 1,500+ new CVEs added monthly - New expert analysis from the Wiz Research team Start exploring → wiz.io/vulnerability-database

🚨 New Wiz research: Active exploitation of Ivanti EPMM flaws (CVE-2025-4427 & 4428) enables RCE in the wild. Cloud systems are at risk; patch now. Wiz customers can find pre-built detection queries in the Threat Intelligence Center. Full details 👉 www.wiz.io/blog/ivanti-...

From supply chain attacks to exposed AI infra, our podcast & newsletter were on 🔥 this year! 🎧 Thanks to everyone who joined us on Crying Out Cloud this year. Dive into our top stories → www.wiz.io/blog/favorit...

Over 14,500 have joined #ExfilCola's cloud IR CTF to track a fizzing breach 🥤 1,400+ solved challenge 1, 350+ beat it all, players from 48+ countries. Still time to join: cloudhuntinggames.com

📊 NEW REPORT: Wiz analyzed 150,000+ cloud accounts to uncover eye-opening insights on misconfigurations & vulnerabilities. Stay ahead with #DSPM to protect sensitive cloud data. Learn more: www.wiz.io/blog/cloud-d...

🎙️All you need to know on bug bounty insights w/ @rhynorater.bsky.social! @amitaico.bsky.social & Eden dive into hacks, lessons & wild stories on Crying Out Cloud. 🔗 Listen now: 🍏 podcasts.apple.com/us/podcast/b... 🎧 open.spotify.com/episode/6B6q... 📺 youtube.com/watch?v=eW6k...

🚨 New from Wiz Research: GitHub Actions are under attack. @ramimac.me breaks down the risks + how to secure them. Read the full blog! 👉 www.wiz.io/blog/github-...