🚨 CodeBreach: Wiz Research identified a critical repository-hijacking vulnerability that abused a CodeBuild Regex flaw to compromise core AWS GitHub repos, including a core lib running at the heart of the cloud's most critical interface - the #AWS Console.

🧠 Just in time for a new year, a NEW CTF drop! Think you know Terraform inside out? State of Affairs (challenge 7) might change your mind... This challenge uncovers an overlooked #Terraform risk and proves IaC tools are part of your supply chain. www.cloudsecuritychampionship.com/challenge/7

🚨 CRITICAL: MongoBleed (CVE-2025-14847). MongoDB bug leaks in-memory data pre-auth and is exploited in the wild. 42% of clouds vulnerable, ~87K exposed. Atlas patched. Self-hosted: patch now or disable zlib. www.wiz.io/blog/mongobl...

Day 2 at zeroday.cloud, let’s roll. 👾 👀 Didn’t register? No panic. Walk-ins are welcome for the onsite CTF and all the action happening on the floor. Flags are hidden. Only the sharp survive.

Day 1 of zeroday.cloud = PURE EXPLOIT ENERGY 👾 From crowd shots 👀 to researchers buried deep in terminals 💻 From first checks being claimed To live container escapes blowing minds in real time. See you tomorrow!

Day 1 at zeroday.cloud didn’t come to play 😈 New vulns dropped in Grafana, Linux Kernel, 3 Redis, and 2 PostgreSQL - and every. single. one. worked 🤯 100% success rate for day one. Let’s see what we find tomorrow 👀

Zeroday.cloud 2025 kicks off TOMORROW! 💻 London, brace yourself - IDEs open. Exploits cooking. 13 zero-days are on the line 💣 Don't miss it. Here's the schedule ahead ⬎

🎧 Your age after React2Shell... 𝟴𝟴. Cloud Security Wrapped 2025 is HERE ↓ Check out our exclusive insights from our Wiz Research team! Spotify, are we doing it right? 🎵

🚨 React2Shell (CVE‑2025‑55182) in‑the‑wild exploitation & deep‑dive analysis. Critical RCE across React 19, Next.js & all RSC frameworks. Patch now. www.wiz.io/blog/nextjs-...

🎉 This is not a dream 💤 OUR WizZZZ BOOTH IS NOW OPEN. Behold the ULTIMATE cloud security booth! Games, demos, swag, naps… and the coziest cloud security playground in history 🛏️ Come see why CISOs are finally sleeping through the night 😴

It’s time to bust some malware! 🦠 Challenge #6 “Malware Busters” is LIVE. Built by Gili Tikochinski for the reverse‑engineering pros - dive into assembly and uncover what’s hidden inside. Think you can crack it? cloudsecuritychampionship.com/challenge/6

🚨 New Shai-Hulud-style npm attack hitting 25k+ repos and growing fast. Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection + mitigation. Details: www.wiz.io/blog/shai-hu...

🤖 65% of Forbes AI 50 companies leaked secrets on GitHub. Shay from our research team revealed how AI speed without security = leaks waiting to happen. Full Wiz Research report 👉 www.wiz.io/blog/forbes-...

New CTF challenge ($20,000 IN PRIZES) 💥 We're running "Operation Cloudfall" - a live CTF during BlackHat & zeroday.cloud on December 10-11. Get your free pass to the event today: zeroday.cloud/operation-cloudfall See you in London 🇬🇧

🕹️ Meet Path-Man: Your new favorite game. 👾👾👾 Our 1-minute Wiz ASM game has arrived! 🤔 Here's the challenge: Navigate the attack surface to reach exploitable risk before the attackers get you. Think you've got the skills? wiz.io/path-man

🎃 Something spooky's brewing in the cloud... Introducing a new CTF challenge - "Game of Pods" 🕸️ 💀 Written by top Azure researcher & worth 30 points, it's our BIGGEST challenge yet! Get your skills ready for zeroday.cloud: cloudsecuritychampionship.com

Need a partner to finish that exploit chain for ZERODAY.CLOUD? We just launched our Research Collaboration Center at zeroday.cloud/collab to connect researchers, combine skills, and meet the deadline. 🤝 The clock is ticking... ⏱️

Our biggest reminder yet. ZERODAY.CLOUD. A first-of-its-kind, open-source cloud hacking competition. Find vulnerabilities in the critical open-source software that powers the cloud, and compete for your share of a $4.5M prize pool. ➡️ www.zeroday.cloud

🎁 We're giving away 2,000 SHIFT LEFT keyboards ↓ Want one on your desk? Fill out the form >> redeem.reachdesk.com/lp/wiz/shift... That's it! The keyboard is on its way 📦 Why are we doing this? 👀 A secret game is coming… and the whole world is invited.

🚨 Wiz Research uncovered 100+ leaked VSCode publisher tokens that could let attackers push malicious updates to 185K+ installs. We partnered with Microsoft to secure tokens and protect the ecosystem.

🤖 We're witnessing something unprecedented with AI agents: Malware that literally prompts ChatGPT, Claude, and other LLMs to write its own attack code. Live. On victim machines.

Introducing ZERODAY.CLOUD🕵️‍♀️ Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝 WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆 Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud

@fortune.com JUST DROPPED A FEATURE ON Wiz 🔥 If you've been following the Wiz story, this one's for you. HUGE shoutout to everyone who made this story worth telling. You helped build something Fortune couldn't ignore 💙 fortune.com/article/wiz-...

🚨 #Shai-Hulud: Major npm supply chain attack. 100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm. Guidance + detections inside www.wiz.io/blog/shai-hu...

🚨 Major npm hijack: Attackers took over Qix's account (chalk, debug & more). Malicious versions briefly hit npm, injecting browser code to hijack crypto transactions. DuckDB ecosystem is also affected.

Meet WizOS 💥 Public Preview! Secure, minimal container images with near-zero CVEs. Less patching, more speed, swap images right in your CI/CD & IDEs. www.wiz.io/blog/wizos-t...

🚨 One leaked #AWS key fueled a global phishing campaign. Wiz traced the attack, stopped it with Defend alerts, and added protections so one key never opens every door. Full story 👉 www.wiz.io/blog/wiz-dis...

🚨 Your Cloud DFIR Desk Mat is here! A first-ever poster mapping MITRE ATT&CK to key AWS, Azure & GCP log sources and API events. 📥 Get your copy: threats.wiz.io/cloud-dfir-p...

🚨 New CTF: Azure APT 🏆 Step into the shoes of an attacker targeting Azure. Use a malicious OAuth app, bypass restrictions, and capture the flag. Can you solve all 12 CTF's and WIN our belt? Test your skills with this month's CTF by Lior Sonntag 👉 www.cloudsecuritychampionship.com/challenge/3

🚨 hashtag#s1ngularity: a supply chain attack hiding in the Nx npm package Malicious versions stole hashtag#GitHub tokens, SSH keys, wallets, and secrets, even hijacking AI CLI tools to help exfiltrate data.

🚨 New keys just dropped… and they're already leaking. #AWS introduced Bedrock API keys, both long-term and short-term. On the surface, they look like just another way to authenticate. But here's the twist ⬇️

🤖 AI agents are everywhere now. So we put together a practical security guide that actually maps out what's happening in the wild. 👇 No fluff. Just the stuff security teams need to know. Save this cheat sheet 💾

🤖 AI agents are everywhere now. So we put together a practical security guide that actually maps out what's happening in the wild. 👇 No fluff. Just the stuff security teams need to know. Save this cheat sheet 💾

Introducing Wizmojis.com >> Our cloud security emojis for your Slack & WhatsApp that finally get YOU. 💬 Some favorites: * blame-the-intern * cve-part * phishing-season ⬇️ Comment below — What emoji do you need on Slack? The best ideas might just make it into the next pack of Wizmojis.

You're officially invited to the BIGGEST WIZ EVENT of the year... WIZDOM! We're going all in: Wizdom is your exclusive, in-person pass to the people & ideas shaping the future of cloud security ⬇︎ 📍 New York City, Nov 3-5 📍 London, Nov 17-19 Your calendar won't block itself. www.wiz.io/wizdom

Introducing... 🥁 Say hello to Wiz for Exposure Management! 🥳 Wiz for Exposure Management is a NEW way to unify, prioritize, and fix exposures everywhere it lives: in your cloud, code, and on-prem infrastructure. Learn more: www.wiz.io/blog/wiz-for...

🚨 Wiz Research found a vulnerability chain in NVIDIA's open-source Triton Inference Server What started as a small error message turned into something big: A path to full remote code execution, no creds, no user interaction.

🏆 Can you escape a container & become THE ULTIMATE CLOUD SECURITY CHAMPION? This month's scenario was crafted by Sagi Tzadik to explore container escape techniques, the same kinds of risks we'll be diving into at #BlackHat next week! Challenge #2 👉 cloudsecuritychampionship.com/challenge/2

🚨 We found a critical vulnerability in the popular Vibe Coding Platform Base44: No password. No invite. Full access.

🚨 TraderTraitor: North Korea's cyber "traitor" inside the crypto world. This hacking crew hijacks dev workflows, poisons open-source, and compromises cloud environments — all to steal billions in crypto. Here's how they do it 🧵 www.wiz.io/blog/north-k...

🚨 New research: A cryptomining campaign is hijacking exposed PostgreSQL, hiding payloads in fake 404 pages, and abusing legit infra. Multiplatform, stealthy, and still active 👉 www.wiz.io/blog/soco404...

What do CISOs talk about over a cocktail? EVERYTHING.🍸 Ryan sits down for a real talk with Andrew from WestCap. And trust us, the conversation is just as strong as the tequila. You've never seen CISOs like this... Watch now🍹 >> www.youtube.com/watch?v=QRrt...

🚨 #NVIDIAscape: Your AI workloads might not be as safe as you think... Wiz Research uncovered a 3-line container escape vulnerability in the NVIDIA Container Toolkit That means root access to your models, data, and infra. Full blog 👉 www.wiz.io/blog/nvidia-...

🚨 NEW RESEARCH: #NVIDIAscape AI vulnerability uncovered! Wiz Research discovered a critical vulnerability (CVE-2025-23266) in the NVIDIA Container Toolkit, the glue connecting containers to GPUs across major cloud providers.

💡 Eden hosts Nichole Dove, @sherrod.bsky.social & @alonsch.bsky.social. Cloud chaos, career confessions & the future of cybersecurity. This one hits different. Listen now: 🍏 open.spotify.com/episode/6vGW... 🎧 podcasts.apple.com/us/podcast/l... 📺 www.youtube.com/watch?v=7Kwi...

WOOHOO! We are #1 in over 130 reports on #G2 this summer!☀️🍉 Huge G2 moment, and it's all thanks to you 💙 THANK YOU to our amazing Wizards and customers for your continued trust, feedback, and partnership. 🪄 www.wiz.io/lp/g2-grid-r...

Synthesized 20+ sources and internal @wizsecurity.bsky.social expertise to come out with a comprehensive guide to MCP security Today's options, and tomorrow's possibilities www.wiz.io/blog/mcp-sec...

In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for @wizsecurity.bsky.social Covers permissions, secrets, 3rd-party Actions, ++ Use it to avoid learning these lessons the hard way: www.wiz.io/blog/github-...

I had a lot of fun making this challenge. I wanted to do a cloud security challenge where the cloud infrastructure is secure (IMDSv2, data perimeters), but something still allows it to be hackable and you need to know some advanced AWS security tricks to abuse it. 🤫 Try it out!

🚨 New vulnerabilities in #NetScaler (incl. a 0-day) are now exploited in the wild. 2 enable admin access via session theft. 3.5% of clouds exposed. POCs out. Patch now. 🔍 Full breakdown → www.wiz.io/blog/critica...