wizsecurity.bsky.social
Secure everything you build and run in the cloud
comment in response to post
🔒 What should you do?
A patch is available.
Upgrade to version v1.12.1 or v1.11.5 to protect your environment.
Wiz research has worked closely with the Kubernetes maintainers over the last couple of months to fully mitigate this attack surface.
📝 For full technical details: wiz.io/blog/ingress...
comment in response to post
🔑 What's at risk?
This vulnerability allows attackers to gain access to all secrets across all namespaces in a Kubernetes cluster — essentially enabling a cluster takeover.
comment in response to post
Why does this matter?
Ingress-NGINX is found in over 40% of cloud environments. If you're using this project, your infrastructure could be at risk.
comment in response to post
A huge thank you to the NVIDIA security team for their collaboration in addressing these issues!
Read more: www.wiz.io/blog/nvidia-...
comment in response to post
🔍 Risk:
This CVE-2024-0132 flaw can allow attackers with control over a container image to escape the container and gain full access to the underlying host.
🛠 Mitigation steps:
✔️ Upgrade to NVIDIA Container Toolkit 1.17.4
✔️ Keep --no-cntlibs enabled in production
comment in response to post
⚠️ The catch?
AI is scaling faster than security. Shadow AI is a growing risk, and incidents like DeepSeek's recent data exposure of over 1 million records underscore the urgent need for visibility and governance.
Read our full State of AI in the Cloud report for 2025 >> www.wiz.io/state-of-ai-...
comment in response to post
🔑 Key findings:
DeepSeek's R1 model release led DeepSeek model adoption to triple within days
Adoption of hosted AI technologies rose from 42% to 75% in the past year
85% of all organizations are now using either managed or self-hosted AI
comment in response to post
DeepSeek's response to the findings 👇
comment in response to post
📌 Takeaways for security teams
→ AI security starts with infrastructure: lock down databases & access controls.
→ Visibility is key: work closely with AI engineers to map out risks.
Read the full research 👇
www.wiz.io/blog/wiz-res...
comment in response to post
Once we discovered the exposure, we promptly reported it to the DeepSeek team, who promptly restricted public access and took the database off the internet.
comment in response to post
🔍 How did we find it?
Following a simple recon on DeepSeek's public infrastructure, we discovered a publicly exposed ClickHouse database that was completely open and required no authentication at all.
comment in response to post
Learn more on how to shift focus to attacker behavior — ⚙️ like unusual permission escalations or lateral movement patterns — in our blog by
@merav-b.bsky.social and Gili Tikochinski: www.wiz.io/blog/detecti...
comment in response to post
👉 Learn more in our latest blog by @danielleaminov.bsky.social: www.wiz.io/blog/spring-...
comment in response to post
Here's our blog post summarizing this incident, though there are still a few unanswered questions regarding the offending GitHub user and whether (and how) they were compromised - www.wiz.io/blog/ultraly...