The secret's out.🤫 Introducing THE ZERODAY.CLOUD COMMUNITY 👾 Inside: • 0-day vulnerability deep dives from Xint, Moritz Sanft, Paul Gerste & more... • Access to events & a network of world-class hackers • CTFs with prizes Join now :)

🚨 BREAKING: Wiz Research discovered Remote Code Execution on GitHub.com with a single git push. The flaw in @github.com allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯

🚨 500+ malicious PRs. One campaign. Wiz Research traced 6 waves of prt-scan starting 3 weeks earlier. AI-powered, automated attacks exploiting pull_request_target. Low success rate—but real npm + cloud creds hit. Full story: www.wiz.io/blog/six-acc...

NEW CTF: AWS turned 20 🎉 So we built our monthly CTF challenge to celebrate: packed with challenges inspired by the last two decades of cloud ☁️ Oh, and… we made sure AI can't solve it 😅 So no prompts this time. Ready to play? www.cloudsecuritychampionship.com

🎉 IT'S OFFICIAL: wiz joins Google to secure the AI era. This is a massive moment for our customers and our team. Thank you to every customer, partner, and Wizard who made this moment possible 💙 We can't wait to share what's next. wiz.io/blog/google-...

🚨New CTF Alert: Got trust issues? Ever wondered what it's like to investigate a real data leak? Now's your chance. 🕵️ Your mission: 1) Investigate the compromised machine 2) Figure out how the attacker exfiltrated the data 3) Find the flag 🔗 Start here: cloudsecuritychampionship.com

How good is AI at hacking? We built a benchmark to find out. 🧪 Introducing the Offensive AI Benchmark, the framework that tests AI agents on 250+ real-world offensive security challenges. Check it out → www.wiz.io/cyber-model-...

🚨 CodeBreach: Wiz Research identified a critical repository-hijacking vulnerability that abused a CodeBuild Regex flaw to compromise core AWS GitHub repos, including a core lib running at the heart of the cloud's most critical interface - the #AWS Console.

🧠 Just in time for a new year, a NEW CTF drop! Think you know Terraform inside out? State of Affairs (challenge 7) might change your mind... This challenge uncovers an overlooked #Terraform risk and proves IaC tools are part of your supply chain. www.cloudsecuritychampionship.com/challenge/7

🚨 CRITICAL: MongoBleed (CVE-2025-14847). MongoDB bug leaks in-memory data pre-auth and is exploited in the wild. 42% of clouds vulnerable, ~87K exposed. Atlas patched. Self-hosted: patch now or disable zlib. www.wiz.io/blog/mongobl...

Day 2 at zeroday.cloud, let’s roll. 👾 👀 Didn’t register? No panic. Walk-ins are welcome for the onsite CTF and all the action happening on the floor. Flags are hidden. Only the sharp survive.

Day 1 of zeroday.cloud = PURE EXPLOIT ENERGY 👾 From crowd shots 👀 to researchers buried deep in terminals 💻 From first checks being claimed To live container escapes blowing minds in real time. See you tomorrow!

Day 1 at zeroday.cloud didn’t come to play 😈 New vulns dropped in Grafana, Linux Kernel, 3 Redis, and 2 PostgreSQL - and every. single. one. worked 🤯 100% success rate for day one. Let’s see what we find tomorrow 👀

Zeroday.cloud 2025 kicks off TOMORROW! 💻 London, brace yourself - IDEs open. Exploits cooking. 13 zero-days are on the line 💣 Don't miss it. Here's the schedule ahead ⬎

🎧 Your age after React2Shell... 𝟴𝟴. Cloud Security Wrapped 2025 is HERE ↓ Check out our exclusive insights from our Wiz Research team! Spotify, are we doing it right? 🎵

🚨 React2Shell (CVE‑2025‑55182) in‑the‑wild exploitation & deep‑dive analysis. Critical RCE across React 19, Next.js & all RSC frameworks. Patch now. www.wiz.io/blog/nextjs-...

🎉 This is not a dream 💤 OUR WizZZZ BOOTH IS NOW OPEN. Behold the ULTIMATE cloud security booth! Games, demos, swag, naps… and the coziest cloud security playground in history 🛏️ Come see why CISOs are finally sleeping through the night 😴

It’s time to bust some malware! 🦠 Challenge #6 “Malware Busters” is LIVE. Built by Gili Tikochinski for the reverse‑engineering pros - dive into assembly and uncover what’s hidden inside. Think you can crack it? cloudsecuritychampionship.com/challenge/6

🚨 New Shai-Hulud-style npm attack hitting 25k+ repos and growing fast. Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection + mitigation. Details: www.wiz.io/blog/shai-hu...

🤖 65% of Forbes AI 50 companies leaked secrets on GitHub. Shay from our research team revealed how AI speed without security = leaks waiting to happen. Full Wiz Research report 👉 www.wiz.io/blog/forbes-...

New CTF challenge ($20,000 IN PRIZES) 💥 We're running "Operation Cloudfall" - a live CTF during BlackHat & zeroday.cloud on December 10-11. Get your free pass to the event today: zeroday.cloud/operation-cloudfall See you in London 🇬🇧

🕹️ Meet Path-Man: Your new favorite game. 👾👾👾 Our 1-minute Wiz ASM game has arrived! 🤔 Here's the challenge: Navigate the attack surface to reach exploitable risk before the attackers get you. Think you've got the skills? wiz.io/path-man

🎃 Something spooky's brewing in the cloud... Introducing a new CTF challenge - "Game of Pods" 🕸️ 💀 Written by top Azure researcher & worth 30 points, it's our BIGGEST challenge yet! Get your skills ready for zeroday.cloud: cloudsecuritychampionship.com

Need a partner to finish that exploit chain for ZERODAY.CLOUD? We just launched our Research Collaboration Center at zeroday.cloud/collab to connect researchers, combine skills, and meet the deadline. 🤝 The clock is ticking... ⏱️

Our biggest reminder yet. ZERODAY.CLOUD. A first-of-its-kind, open-source cloud hacking competition. Find vulnerabilities in the critical open-source software that powers the cloud, and compete for your share of a $4.5M prize pool. ➡️ www.zeroday.cloud

🎁 We're giving away 2,000 SHIFT LEFT keyboards ↓ Want one on your desk? Fill out the form >> redeem.reachdesk.com/lp/wiz/shift... That's it! The keyboard is on its way 📦 Why are we doing this? 👀 A secret game is coming… and the whole world is invited.

🚨 Wiz Research uncovered 100+ leaked VSCode publisher tokens that could let attackers push malicious updates to 185K+ installs. We partnered with Microsoft to secure tokens and protect the ecosystem.

🤖 We're witnessing something unprecedented with AI agents: Malware that literally prompts ChatGPT, Claude, and other LLMs to write its own attack code. Live. On victim machines.

Introducing ZERODAY.CLOUD🕵️‍♀️ Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝 WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆 Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud

@fortune.com JUST DROPPED A FEATURE ON Wiz 🔥 If you've been following the Wiz story, this one's for you. HUGE shoutout to everyone who made this story worth telling. You helped build something Fortune couldn't ignore 💙 fortune.com/article/wiz-...

🚨 #Shai-Hulud: Major npm supply chain attack. 100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm. Guidance + detections inside www.wiz.io/blog/shai-hu...

🚨 Major npm hijack: Attackers took over Qix's account (chalk, debug & more). Malicious versions briefly hit npm, injecting browser code to hijack crypto transactions. DuckDB ecosystem is also affected.

Meet WizOS 💥 Public Preview! Secure, minimal container images with near-zero CVEs. Less patching, more speed, swap images right in your CI/CD & IDEs. www.wiz.io/blog/wizos-t...

🚨 One leaked #AWS key fueled a global phishing campaign. Wiz traced the attack, stopped it with Defend alerts, and added protections so one key never opens every door. Full story 👉 www.wiz.io/blog/wiz-dis...

🚨 Your Cloud DFIR Desk Mat is here! A first-ever poster mapping MITRE ATT&CK to key AWS, Azure & GCP log sources and API events. 📥 Get your copy: threats.wiz.io/cloud-dfir-p...

🚨 New CTF: Azure APT 🏆 Step into the shoes of an attacker targeting Azure. Use a malicious OAuth app, bypass restrictions, and capture the flag. Can you solve all 12 CTF's and WIN our belt? Test your skills with this month's CTF by Lior Sonntag 👉 www.cloudsecuritychampionship.com/challenge/3

🚨 hashtag#s1ngularity: a supply chain attack hiding in the Nx npm package Malicious versions stole hashtag#GitHub tokens, SSH keys, wallets, and secrets, even hijacking AI CLI tools to help exfiltrate data.

🚨 New keys just dropped… and they're already leaking. #AWS introduced Bedrock API keys, both long-term and short-term. On the surface, they look like just another way to authenticate. But here's the twist ⬇️

🤖 AI agents are everywhere now. So we put together a practical security guide that actually maps out what's happening in the wild. 👇 No fluff. Just the stuff security teams need to know. Save this cheat sheet 💾

🤖 AI agents are everywhere now. So we put together a practical security guide that actually maps out what's happening in the wild. 👇 No fluff. Just the stuff security teams need to know. Save this cheat sheet 💾

Introducing Wizmojis.com >> Our cloud security emojis for your Slack & WhatsApp that finally get YOU. 💬 Some favorites: * blame-the-intern * cve-part * phishing-season ⬇️ Comment below — What emoji do you need on Slack? The best ideas might just make it into the next pack of Wizmojis.

You're officially invited to the BIGGEST WIZ EVENT of the year... WIZDOM! We're going all in: Wizdom is your exclusive, in-person pass to the people & ideas shaping the future of cloud security ⬇︎ 📍 New York City, Nov 3-5 📍 London, Nov 17-19 Your calendar won't block itself. www.wiz.io/wizdom

Introducing... 🥁 Say hello to Wiz for Exposure Management! 🥳 Wiz for Exposure Management is a NEW way to unify, prioritize, and fix exposures everywhere it lives: in your cloud, code, and on-prem infrastructure. Learn more: www.wiz.io/blog/wiz-for...

🚨 Wiz Research found a vulnerability chain in NVIDIA's open-source Triton Inference Server What started as a small error message turned into something big: A path to full remote code execution, no creds, no user interaction.

🏆 Can you escape a container & become THE ULTIMATE CLOUD SECURITY CHAMPION? This month's scenario was crafted by Sagi Tzadik to explore container escape techniques, the same kinds of risks we'll be diving into at #BlackHat next week! Challenge #2 👉 cloudsecuritychampionship.com/challenge/2

🚨 We found a critical vulnerability in the popular Vibe Coding Platform Base44: No password. No invite. Full access.

🚨 TraderTraitor: North Korea's cyber "traitor" inside the crypto world. This hacking crew hijacks dev workflows, poisons open-source, and compromises cloud environments — all to steal billions in crypto. Here's how they do it 🧵 www.wiz.io/blog/north-k...

🚨 New research: A cryptomining campaign is hijacking exposed PostgreSQL, hiding payloads in fake 404 pages, and abusing legit infra. Multiplatform, stealthy, and still active 👉 www.wiz.io/blog/soco404...

What do CISOs talk about over a cocktail? EVERYTHING.🍸 Ryan sits down for a real talk with Andrew from WestCap. And trust us, the conversation is just as strong as the tequila. You've never seen CISOs like this... Watch now🍹 >> www.youtube.com/watch?v=QRrt...

🚨 #NVIDIAscape: Your AI workloads might not be as safe as you think... Wiz Research uncovered a 3-line container escape vulnerability in the NVIDIA Container Toolkit That means root access to your models, data, and infra. Full blog 👉 www.wiz.io/blog/nvidia-...