The Wiz INtegration (WIN) Platform has come a long way in the year since it launched.

Paul Givan says details of 407 people mistakenly sent out included names, addresses and personal commentsThe education minister in Northern Ireland has “unreservedly” apologised after the personal...

The contract CvxRewardDistributor was exploited for 210K in value. This contracts job is to mint rewards for eligible stakers. When calling claimMultipleStaking on the contract, there is a...

KEY TAKEAWAYS StormBamboo successfully compromised an internet service provider (ISP) in order to poison DNS responses for target organizations. Insecure software update mechanisms were targeted...

On 2024-08-02, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, while using Jupyter Notebook misconfig abuse, targeting Jupyter Notebook to...

UTF-8 is annoying to look at. Am I looking at the characters or the codepoints? So, Sonar source (after some research that would have benefited from this) built the UTF-8 Visualizer. Just adding...

Wiz is expanding our existing detection capabilities to include pattern-based malware detection using YARA rules written by the Wiz Research team

The Apache Foundation's OFBiz, an open-source Java-based ERP framework, addressed in May 2024 a critical security vulnerability (CVE-2024-32113) involving path traversal that could lead to remote...

Protecting your assets: the fundamentals of physical security and enterprise resilience at Wiz

What we know about the CrowdStrike BSOD outage.

How the market is evolving and why now, more than ever, you need a CNAPP.

Authored by Lakshya Mathur, Vallabh Chole & Abhishek Karnik Recently we witnessed one of the most significant IT disruptions in... The post The Scam Strikes Back: Exploiting the CrowdStrike Outage...

Microsoft researchers have discovered a vulnerability in ESXi hypervisors, identified as CVE-2024-37085. This flaw is being exploited by ransomware operators to gain full administrative access to...

Authored by Lakshya Mathur and Abhishek Karnik As the world gears up for the 2024 Paris Olympics, excitement is building,... The post Olympics Has Fallen – A Misinformation Campaign Featuring a...

Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks. Yesterday Federal Bureau of Investigation (FBI) Director Christopher Wray...

Discover how Wiz extends its existing RBAC with the Custom Roles feature, enabling you to tailor user permissions, maintain security, and stay aligned with business needs.

Phishing kits are "as-a-service" tools that help threat actors rapidly deploy phishing pages and campaigns. This blog examines key components, how they work, helpful resources, and a dive into the...

Officials seized documents from NSO Group to try to stop handover of information about notorious hacking tool, files suggestThe Israeli government took extraordinary measures to frustrate a...

Wiz researchers discover ongoing threat to popular testing framework.

The threat group USDoD posted on a dark web forum on July 24th to claim they’ve got hold of a large database of threat actors compiled by CrowdStrike. So far, the threat actor has released only a...

On 2024-07-25, an incident was reported, involving IntelBroker, gaining initial access via 1-day vulnerability, while using Network lateral movement, SSH key compromise, Local privilege escalation...

Wiz Research has detected an ongoing threat campaign dubbed “SeleniumGreed” that exploits exposed Selenium Grid services to deploy cryptominers. Selenium is a popular open-source suite used for...

Wiz is excited to announce "Prompt Airlines," a new cloud security Capture The Flag (CTF) event focused on AI vulnerabilities.

In November 2023, while conducting a security assessment on a client’s instance of the Oracle Integration Cloud Platform, I discovered a medium severity vulnerability nestled within the handling...

TL;DR In my previous blog post, I showed the impact that an unregistered reply URL can have in an Azure tenant and how to enumerate them for single tenant applications. This time, we take it one...

Every month, we bring you some of the key findings from Outpost24’s Threat Intelligence team, KrakenLabs. Here’s what you need to know from July. Threat actor of the month: Volcano demon –...

The authors decided to take a look at the TP-Link ER605 router and attack it from the WAN network. When looking at the attack surface, they decided to check out the dynamic DNS (DDNS) provider...

In the wide world of technology, there are many different byte encoding standards such as UTF-8, UTF-16 and Big5. In particular, we need a way to map bytes to characters. When we do this, there is...

LiFi is a DEX aggregation protocol. Recently, they added a new contract to the code. This contract took in input for a swap but allowed the calling of an arbitrary address with arbitrary data...

Secure your code and the entire development pipeline with the Wiz Security Graph, comprehensive configuration checks, and advanced code scanning.