Wiz io

@wizsecurity.bsky.social

Secure everything you build and run in the cloud

102 Followers  |  9 Following  |  72 Posts  |  Joined: 19.11.2024  |  2.1295

Latest posts by wizsecurity.bsky.social on Bluesky

Introducing Wiz for Exposure Management | Wiz Blog Wiz now supports exposure management across cloud, code, and on-prem – combining scanner data into one view to help teams prioritize and fix real risk.

Introducing... 🥁 Say hello to Wiz for Exposure Management! 🥳
Wiz for Exposure Management is a NEW way to unify, prioritize, and fix exposures everywhere they live: in your cloud, code, and on-prem infrastructure.

Learn more: www.wiz.io/blog/wiz-for...

06.08.2025 12:41 — 👍 4    🔁 1    💬 0    📌 0

Breaking NVIDIA Triton: CVE-2025-23319 - A Vulnerability Chain Leading to AI Server Takeover | Wiz Blog Wiz Research discovers a critical vulnerability chain allowing unauthenticated attackers to take over NVIDIA's Triton Inference Server.

The breakdown:

- An internal memory name leaks in an error
- The public API gets turned against the backend
- And just like that, an attacker can take over the server

This puts #AI models, sensitive data, and entire environments at serious risk.

Full research → www.wiz.io/blog/nvidia-...

04.08.2025 12:57 — 👍 0    🔁 1    💬 0    📌 0

🚨 Wiz Research found a vulnerability chain in NVIDIA's open-source Triton Inference Server

What started as a small error message turned into something big:
A path to full remote code execution, no creds, no user interaction.

04.08.2025 12:57 — 👍 3    🔁 0    💬 1    📌 0

🏆 Can you escape a container & become THE ULTIMATE CLOUD SECURITY CHAMPION?

This month's scenario was crafted by Sagi Tzadik to explore container escape techniques, the same kinds of risks we'll be diving into at #BlackHat next week!

Challenge #2 👉
cloudsecuritychampionship.com/challenge/2

31.07.2025 12:56 — 👍 2    🔁 0    💬 0    📌 1

Critical Vulnerability in AI “Vibe Coding” platform Base44 | Wiz Blog New discovery underscores security implications of AI-powered development and the rise of “Vibe Coding” Platforms.

The bigger story>>
As AI dev explodes, it's now core infrastructure, shared risks mean shared responsibility (and impact) if security's skipped.

🧠 Full breakdown → www.wiz.io/blog/critica...

29.07.2025 14:05 — 👍 2    🔁 0    💬 0    📌 0

Enterprises could have had their internal tools, AI chatbots, and private proprietary information exposed with a simple-to-exploit logic flaw. Our team responsibly disclosed the issue, and it was fixed by Base44 & Wix in under 24 hours.

29.07.2025 14:05 — 👍 0    🔁 0    💬 1    📌 0

Wiz Research just found a critical vulnerability in the popular vibe coding platform Base44, recently acquired by Wix, that could have allowed anyone to access private applications.

29.07.2025 14:05 — 👍 0    🔁 0    💬 1    📌 0

🚨 We found a critical vulnerability in the popular Vibe Coding Platform Base44: No password. No invite. Full access.

29.07.2025 14:05 — 👍 0    🔁 0    💬 1    📌 0

TraderTraitor: Deep Dive | Wiz Blog Inside the Lazarus subgroup that's hijacking cloud platforms, poisoning supply chains, and stealing billions in digital assets

πŸͺ Lures: Fake recruiters, coding challenges, even job platforms
πŸ’° Hits: $308M from DMM Bitcoin, $1.5B from Bybit πŸ” Angle: Cloud-native compromiseβ€”from npm to S3

Wiz Research breaks it down + shares IOCs: www.wiz.io/blog/north-k...

28.07.2025 14:14 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

🚨 TraderTraitor: North Korea's cyber "traitor" inside the crypto world.
This hacking crew hijacks dev workflows, poisons open-source, and compromises cloud environments β€” all to steal billions in crypto.
Here's how they do it 🧡
www.wiz.io/blog/north-k...

28.07.2025 14:14 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Post image

🚨 New research: A cryptomining campaign is hijacking exposed PostgreSQL, hiding payloads in fake 404 pages, and abusing legit infra. Multiplatform, stealthy, and still active πŸ‘‰
www.wiz.io/blog/soco404...

23.07.2025 13:48 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
CISOs Making Cocktails - Special Guest: Andrew Cal (WestCap)
YouTube video by Wiz CISOs Making Cocktails - Special Guest: Andrew Cal (WestCap)

What do CISOs talk about over a cocktail? EVERYTHING. 🍸

Ryan sits down for a real talk with Andrew from WestCap. And trust us, the conversation is just as strong as the tequila.

You've never seen CISOs like this...
Watch now 🍹 >> www.youtube.com/watch?v=QRrt...

23.07.2025 13:15 — 👍 0    🔁 0    💬 0    📌 0

NVIDIAScape - NVIDIA AI Vulnerability (CVE-2025-23266) | Wiz Blog New critical vulnerability with 9.0 CVSS presents systemic risk to the AI ecosystem, carries widespread implications for AI infrastructure.

🚨 #NVIDIAscape: Your AI workloads might not be as safe as you think...
Wiz Research uncovered a 3-line container escape vulnerability in the NVIDIA Container Toolkit

That means root access to your models, data, and infra.

Full blog 👉 www.wiz.io/blog/nvidia-...

20.07.2025 10:24 — 👍 0    🔁 0    💬 0    📌 0

🧱 With just three lines of code, attackers can escape containers and gain full root access to the host. That's your models, data, and GPU workloads — exposed.

NVIDIA rated it 9.0. We think it's a sign: AI infra needs stronger walls.

πŸ› οΈ Full technical breakdown
πŸ‘‰ www.wiz.io/blog/nvidia-...

17.07.2025 14:52 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Video thumbnail

🚨 NEW RESEARCH: #NVIDIAscape AI vulnerability uncovered!

Wiz Research discovered a critical vulnerability (CVE-2025-23266) in the NVIDIA Container Toolkit, the glue connecting containers to GPUs across major cloud providers.

17.07.2025 14:52 — 👍 1    🔁 0    💬 1    📌 1

Live Talk: Security Minds from Riot Games, Microsoft & Wiz Crying Out Cloud · Episode

💡 Eden hosts Nichole Dove, @sherrod.bsky.social & @alonsch.bsky.social.
Cloud chaos, career confessions & the future of cybersecurity. This one hits different.

Listen now:
🍏 open.spotify.com/episode/6vGW...
🎧 podcasts.apple.com/us/podcast/l...
📺 www.youtube.com/watch?v=7Kwi...

15.07.2025 13:27 — 👍 1    🔁 1    💬 0    📌 0

WOOHOO! We are #1 in over 130 reports on #G2 this summer! ☀️🍉

Huge G2 moment, and it's all thanks to you 💙
THANK YOU to our amazing Wizards and customers for your continued trust, feedback, and partnership. 🪄
www.wiz.io/lp/g2-grid-r...

08.07.2025 13:20 — 👍 0    🔁 0    💬 0    📌 0

MCP and LLM Security Research Briefing | Wiz Blog Explore the evolving Model Context Protocol (MCP), its security risks, and how to prepare for safe adoption as LLMs connect to external systems.

Synthesized 20+ sources and internal @wizsecurity.bsky.social expertise to come out with a comprehensive guide to MCP security

Today's options, and tomorrow's possibilities

www.wiz.io/blog/mcp-sec...

17.04.2025 14:50 — 👍 5    🔁 1    💬 0    📌 0

Hardening GitHub Actions: Lessons from Recent Attacks | Wiz Blog Build resilient GitHub Actions workflows with insights from real attacks, missteps to avoid, and security tips GitHub's docs don't fully cover.

In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for @wizsecurity.bsky.social

Covers permissions, secrets, 3rd-party Actions, ++

Use it to avoid learning these lessons the hard way:
www.wiz.io/blog/github-...

05.05.2025 15:45 — 👍 7    🔁 4    💬 0    📌 0

I had a lot of fun making this challenge. I wanted to do a cloud security challenge where the cloud infrastructure is secure (IMDSv2, data perimeters), but something still allows it to be hackable and you need to know some advanced AWS security tricks to abuse it. 🤫 Try it out!

27.06.2025 13:50 — 👍 8    🔁 3    💬 0    📌 1

Critical vulnerabilities in NetScaler ADC exploited in-the-wild: everything you need to know | Wiz Blog Detect and mitigate CVE-2025-5349, CVE-2025-5777, and CVE-2025-6543, Citrix Netscaler ADC and Gateway vulnerabilities being exploited in the wild. Organizations should patch urgently.

🚨 New vulnerabilities in #NetScaler (incl. a 0-day) are now exploited in the wild. 2 enable admin access via session theft. 3.5% of clouds exposed. POCs out.
Patch now.
🔍 Full breakdown → www.wiz.io/blog/critica...

07.07.2025 10:41 — 👍 1    🔁 0    💬 0    📌 0

🚨 Wiz spotted a JDWP RCE attack deploying a stealthy cryptominer within hours. Custom XMRig, no CLI flags, deep persistence.
Debug mode ≠ safe mode.
Read the full breakdown 👉 www.wiz.io/blog/exposed...

02.07.2025 15:27 — 👍 0    🔁 0    💬 0    📌 0

The Ultimate Cloud Security Championship | 12 Months × 12 Challenges Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.

10k+ players have already joined the Ultimate Cloud Security Championship, and we're just getting started. 💥

🌍 Participants from 20+ countries
🔓 200+ have solved Challenge #1 by @scottpiper.bsky.social
🏆 Only the top make it to the leaderboard

Claim your spot → www.cloudsecuritychampionship.com

01.07.2025 14:43 — 👍 0    🔁 0    💬 0    📌 0

The Ultimate Cloud Security Championship | 12 Months × 12 Challenges Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.

🚨 THE ULTIMATE CLOUD SECURITY CHAMPIONSHIP begins today! 🥊

12 monthly challenges.
12 top researchers.
One leaderboard.

Challenge #1 is LIVE now, created by @scottpiper.bsky.social.
Solve challenges & climb the leaderboard 🏆

Think you've got what it takes? → cloudsecuritychampionship.com

26.06.2025 13:01 — 👍 4    🔁 1    💬 0    📌 1

Wiz Service Catalog: Align Cloud Sec with Services | Wiz Blog Get a shared, service-centric view of cloud risk. Empower devs, reduce friction, and speed remediation with Wiz's Service Catalog.

📣 Just dropped: Wiz Service Catalog! 🛠️
A new way to organize cloud risk by the services your teams own. Reduce noise, align development and security, and remediate faster.
Now in public preview 👉 www.wiz.io/blog/wiz-ser...

25.06.2025 12:01 — 👍 0    🔁 0    💬 0    📌 0

🚨 We scanned GitHub and found *hundreds* of valid secrets, 4 of the top 5 were AI-related:
HuggingFace, Azure OpenAI, Weights & Biases, and Groq.

Read more:
www.wiz.io/blog/leaking...

18.06.2025 13:09 — 👍 3    🔁 1    💬 0    📌 0

Zero Critical Issues, Infinite Security Potential | Wiz Blog Over 50% of Wiz customers have reduced their cloud risk by reaching Zero Critical Issues

🎊 BIG MILESTONE 🎊

50% of Wiz customers have joined the Zero Critical Club, reaching 0 critical issues in the cloud.

We're celebrating every customer that made this happen - and setting the bar for what's next in cloud security.

www.wiz.io/blog/celebra...

03.06.2025 14:43 — 👍 0    🔁 0    💬 0    📌 0

The CVE Database: Curated Vulnerability Intelligence by Wiz | Wiz Wiz's CVE Database curates CVE data to create easy-to-navigate profiles that cover the entire vulnerability timeline, exploit scenarios, and mitigation steps.

🚨 REMINDER: The Wiz Vulnerability Database is live, and already used by 30,000+ cloud security pros.

Here's what's new >>
- 138,000+ CVEs in the database
- 1,500+ new CVEs added monthly
- New expert analysis from the Wiz Research team

Start exploring → wiz.io/vulnerability-database

28.05.2025 17:18 — 👍 0    🔁 0    💬 0    📌 0

Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild | Wiz Blog Wiz Threat Research has observed exploitation in-the-wild of CVE-2025-4427 and CVE-2025-4428, the latest vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM).

🚨 New Wiz research: Active exploitation of Ivanti EPMM flaws (CVE-2025-4427 & 4428) enables RCE in the wild.
Cloud systems are at risk; patch now.
Wiz customers can find pre-built detection queries in the Threat Intelligence Center.

Full details 👉 www.wiz.io/blog/ivanti-...

22.05.2025 11:19 — 👍 1    🔁 1    💬 0    📌 0

Crying out Cloud: Our Favorite Stories of 2024 | Wiz Blog Vulnerabilities, security incidents, and more. The Crying out Cloud team discusses our most interesting podcast episodes and newsletter editions of 2024.

From supply chain attacks to exposed AI infra, our podcast & newsletter were on 🔥 this year!
🎧 Thanks to everyone who joined us on Crying Out Cloud this year.

Dive into our top stories → www.wiz.io/blog/favorit...

16.05.2025 06:54 — 👍 0    🔁 0    💬 0    📌 0

@wizsecurity is following 9 prominent accounts