wizsecurity.bsky.social
Secure everything you build and run in the cloud

🎊 BIG MILESTONE 🎊 50% of Wiz customers have joined the Zero Critical Club, reaching 0 critical issues in the cloud. We're celebrating every customer that made this happen - and setting the bar for what's next in cloud security. www.wiz.io/blog/celebra...

🚨 REMINDER: The Wiz Vulnerability Database is live, and already used by 30,000+ cloud security pros. Here's what's new >> - 138,000+ CVEs in the database - 1,500+ new CVEs added monthly - New expert analysis from the Wiz Research team Start exploring → wiz.io/vulnerability-database

🚨 New Wiz research: Active exploitation of Ivanti EPMM flaws (CVE-2025-4427 & 4428) enables RCE in the wild. Cloud systems are at risk; patch now. Wiz customers can find pre-built detection queries in the Threat Intelligence Center. Full details 👉 www.wiz.io/blog/ivanti-...

From supply chain attacks to exposed AI infra, our podcast & newsletter were on 🔥 this year! 🎧 Thanks to everyone who joined us on Crying Out Cloud this year. Dive into our top stories → www.wiz.io/blog/favorit...

Over 14,500 have joined #ExfilCola's cloud IR CTF to track a fizzing breach 🥤 1,400+ solved challenge 1, 350+ beat it all, players from 48+ countries. Still time to join: cloudhuntinggames.com

📊 NEW REPORT: Wiz analyzed 150,000+ cloud accounts to uncover eye-opening insights on misconfigurations & vulnerabilities. Stay ahead with #DSPM to protect sensitive cloud data. Learn more: www.wiz.io/blog/cloud-d...

🎙️ All you need to know on bug bounty insights w/ @rhynorater.bsky.social! @amitaico.bsky.social & Eden dive into hacks, lessons & wild stories on Crying Out Cloud. 🔗 Listen now: 🍏 podcasts.apple.com/us/podcast/b... 🎧 open.spotify.com/episode/6B6q... 📺 youtube.com/watch?v=eW6k...

🚨 New from Wiz Research: GitHub Actions are under attack. @ramimac.me breaks down the risks + how to secure them. Read the full blog! 👉 www.wiz.io/blog/github-...

๐Ÿ”IT'S HERE: #ExfilCola, our cloud IR security CTF challenge!๐Ÿฅค Your mission: - Investigate the cloud environment logs - Research the compromised machines - Secure the files and save the day โฐ The Cloud Hunting Games are live >> www.cloudhuntinggames.com

🚨 OH NOOOO! Someone stole the secret recipe of ExfilCola. We need your help tomorrow to get it back. Set your clocks for 9 a.m. ET ⏰ You'll need curiosity, cloud IR skills, and a taste for solving mysteries. 🧠 Do you think you can crack it?

🎉 CISOTOPIA IS NOW OPEN FOR BUSINESS! 🎉 Introducing the world's first cybersecurity toy store, packed with books, puzzles, toys, and games you must have. See y'all soon at Booth #N4435 at #RSAC

🤯 Introducing the Wiz MCP Server! Our powerful new way to connect Wiz to your tools and LLM applications - investigate, respond, and reduce risk in your cloud faster than ever. Learn more: www.wiz.io/blog/introdu...

Working with Model Context Protocol (MCP)? Rami McCarthy breaks down the real risks and how to secure your stack, plus where MCP security is going next. 🛠️ Today: what to lock down 🛰️ Tomorrow: what's coming 👇 Check it out: www.wiz.io/blog/mcp-sec...

🎙️ New episode! Our own @ramimac.me helps dive into GitHub supply chain attacks, IngressNightmare, and Oracle breach rumors. Tune in for the latest cloud security insights! 🎧 podcasts.apple.com/us/podcast/q...

Need to brush up on your #SecOps skills? We’ve got the perfect training buddy. Or four. And they bark. Meet “Train Your Team for Cloud” – Wiz’s free training site. 👉 Start learning (and tail-wagging): wiz.io/courses

How did Material Security use #WizDefend to secure GCP + Azure? Unified detection, contextual alerts & faster response—without scaling SIEM. 🔗 Full story: www.wiz.io/customers/ma...

🎉 BIG NEWS: WIZ DEFEND IS HERE! 🥁 We're excited to announce that the future of cloud defense is here with Wiz Defend - built to help SecOps teams detect & stop modern cloud threats at scale. Why is it a game-changer? Learn more 👇 www.wiz.io/blog/wiz-def...

This. is. massive! 🥁✨ Meet the Wiz Vulnerability Database—for CVEs that actually matter in the cloud. AI-powered reports, expert insights & fix guidance. No fluff, just essentials. Explore: wiz.io/vulnerabilit...

🎙️ New #CryingOutCloud episode! 🚨 @AmitaiCohen & @EdenKobyNaftali chat with @NirOhfeld on #IngressNightmare — an unauth RCE in NGINX Ingress Controller. Listen now: 🍏 podcasts.apple.com/us/podcast/i... 🎧 open.spotify.com/episode/0G1M...

#IngressNightmare: Wiz Research uncovers a critical vulnerability in Ingress-NGINX 🚨 Wiz Research found a novel attack vector in one of Kubernetes's most fundamental projects, Ingress-NGINX, which is rated CVSS 9.8.

It's time to reveal the technical details: Breaking out of #NVIDIA containers 🚨 Wiz Research has uncovered a critical security vulnerability (CVE-2024-0132) in the NVIDIA Container Toolkit, enabling container escape and full host compromise.

📢 JUST DROPPED: Analyzing 150K+ cloud accounts, we took a deep dive into #AI adoption. And the results? Wild.

BREAKING: Internal #DeepSeek database publicly exposed 🚨 Wiz Research has discovered "DeepLeak" - a publicly accessible ClickHouse database belonging to DeepSeek, exposing highly sensitive information, including secret keys, plain-text chat messages, backend details, and logs.

Why is everyone suddenly talking about #DeepSeek? 👀 Our new podcast features Gal Nagli from the Wiz Research team, breaking it down with Eden Naftali and @amitaico.bsky.social. 🔗 Listen now: 🍏 podcasts.apple.com/us/podcast/d... 🎧 open.spotify.com/episode/5HIP...

Toxic ex? bad. Toxic risk combinations? worse. Wiz helps you uncover and eliminate hidden risks with our Security Graph and agentless approach. 👉 Learn more: www.wiz.io/blog/the-ana...

Drowning in cloud alert fatigue? Try the Zero Noise approach—tailor alerts, refine detection, and never ignore alerts. Cut the noise and focus on what matters. 💡 www.wiz.io/blog/the-zer...

๐Ÿ” Behavioral #IOCs are the future of cloud security. Learn how focusing on attacker behavior helps detect threats faster and more accurately.

🚨 Exploitation alert: CVE-2024-50603 critical #RCE in #Aviatrix Controller under active attack! Patch now to prevent cryptojacking, backdoors, and AWS privilege escalation. Learn more 👉 www.wiz.io/blog/wiz-res...

🚨 Patch #Ivanti Connect Secure for critical remote code execution (CVE-2025-0282) and escalation (CVE-2025-0283). Upgrade to latest versions and use Integrity Checker Tool. Learn more: www.wiz.io/blog/cve-202...

🚨 A hidden security risk: #SpringBoot Actuator misconfigurations 🚨 Spring Boot Actuator is widely used in #Java applications. However, when misconfigured, it can expose sensitive data like API keys, passwords, and lead to RCE. 🤯

🚨 Wiz uncovered CVE-2024-43405, a bypass in #Nuclei enabling code execution. Fixed with #ProjectDiscovery. Update to v3.3.2+, run tools in isolated environments! 🔗 Learn more www.wiz.io/blog/nuclei-...

🎆 Start the new year secure! #AWS OIDC integrations have vendor-specific nuances that can lead to misconfigurations if set up incorrectly. We looked at over two dozen common integrations to learn what critical conditions are needed to avoid mistakes. 🤓 Learn more: www.wiz.io/blog/avoidin...

@scottpiper.bsky.social explains how #AWS account vending differs from landing zones and why it's key to tackling #cloudsecurity challenges. 🎙️ Watch: www.scworld.com/podcast-epis... 📖 Read more in our latest blog on it: www.wiz.io/blog/scaling...

🎙️ Join our podcast season finale! Roy Reznik joins #cryingoutcloud to share his journey, Wiz's growth, scaling securely, AI's role, & more. 🎧 Listen now: 🍏 podcasts.apple.com/us/podcast/c...

Did you know EC2s can have more than one IAM role? 😮 🛡️ There are multiple magic IPs, files, and special values that can be used to obtain #AWS credentials. Want to learn more? Read @scottpiper.bsky.social's deep dive 👉 www.wiz.io/blog/the-man...

My summary of the top announcements from re:Invent for security teams. www.wiz.io/blog/top-aws...