Featured
Securing the Container Frontier: Kubernetes Trends Report 2025 Preview
From rapid-fire attack attempts to evolving defense strategies, our Kubernetes Security Report paints a vivid picture of a dynamic landscape. Check out the preview here.
Blog
Tracking cloud-fluent threat actors - Part two: Behavioral cloud IOCs
Discover how behavioral cloud IOCs can expose malicious activity as we break down real-world examples to reveal actionable detection techniques.
Wiz Recognized as a 2024 Customers’ Choice in Gartner® Peer Insights report.
Wiz named as a Customers’ Choice for Cloud Native Application Protection Platforms (CNAPP)
Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)
The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability, that can lead to privileges escalation in the AWS control plane. Organizations should patch urgently.
Welcoming Our New CFO & President
Fazal Merchant joins our leadership team as we look to what lies ahead.
CVE-2025-0282 and CVE-2025-0283: Critical Ivanti 0days Exploited in the Wild
Detect and mitigate CVE-2025-0282, a critical RCE vulnerability in Ivanti Connect Secure and CVE-2025-0283, exploited as 0day vulnerabilities in the wild. Organizations should patch urgently.
2025 Cloud Security Predictions: Trends to Look Out for
Wizards share some of the cloud security trends to look out for in 2025.
Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405)
Wiz’s engineering team discovered a high-severity signature verification bypass in Nuclei, one of the most popular open-source security tools, which could potentially lead to arbitrary code execution.
Avoiding mistakes with AWS OIDC integration conditions
Let’s explore some common missteps in securing your AWS OIDC.
The many ways to obtain credentials in AWS
Dive into the complexities of AWS IAM credentials and uncover how defenders can stay ahead with in-depth knowledge of SDK behaviors and service-specific mechanisms.
Unpacking Diicot - Evolving Campaign Targeting Linux Environments
Wiz Threat Research uncovered a new malware campaign targeting Linux environments attributed to the Diicot threat group.
Under the Radar: Exploring Spring Boot Actuator Misconfigurations
Wiz Threat Research investigates misconfigurations in Spring Boot Actuator’s endpoints that can leak environment variables, passwords, and API keys, and even lead to remote code execution.
New Developments in LLM Hijacking Activity
Discover the latest in LLM hijacking activity, including a dive into the JINX-2401 campaign targeting AWS environments with IAM privilege escalation tactics.
Top AWS re:Invent Announcements for Security Teams in 2024
AWS re:Invent 2024 brought an avalanche of announcements, with over 500 updates since November. Let's spotlight the most impactful ones for security teams, from Resource Control Policies to centrally managed root access.
A Cloud-First Approach to Vulnerability Remediation: A Holistic Approach
Learn about how Wiz helps organizations operationalize vulnerability remediation with true code-to-cloud visibility
Wiz supports creation of new Japan tenants
Our ongoing commitment to the region continues with product support and leadership expansion.
Ultralytics AI Library Hacked via GitHub for Cryptomining
A supply chain attack on Ultralytics exploited GitHub Actions to inject malicious PyPI packages. Discover how it unfolded and the steps to mitigate the risk.
Wiz at Re:Invent 2024
See what’s new with Wiz at Re:Invent 2024 and learn about how Wiz and AWS continue to strengthen their strategic partnership, keeping AWS customers’ environments secure
Authorized Agility: Wiz adds Code Security in the FedRAMP offering (Wiz for Gov)
Wiz is excited to announce the addition of Wiz Code into our Wiz for Gov offering, enabling organizations to visualize attack paths from cloud-to-code and bring guardrails into the software development lifecycle.
Wiz Defend: Delivering the Promise of Cloud-Native Security Operations
A new approach to detect and respond to cloud-native threats
Introducing Wizdom Community: A New Era of Cloud Security Collaboration
Discover Wizdom: A vibrant community where cloud security professionals connect, collaborate, and lead the charge toward a safer digital future.
Wiz Defend is Here: Threat detection and response born for the cloud
Empower SecOps teams to stop incidents before they become breaches
How to use AWS Resource Control Policies
Unlock the Power of AWS Resource Control Policies: Enforce Security and Streamline Governance Across Your Organization.
Wiz collaborates with NVIDIA to advance ML research for data classification
Wiz Research taps Llama 3 model NVIDIA NIM microservices for sensitive data classification
Deloitte’s Cyber Cloud Managed Services (CCMS) - Enhance cyber posture with AWS and Wiz
Discover how Deloitte’s CCMS, powered by Wiz, enhances AWS cloud security with automated workflows, democratized risk management, and streamlined remediation to protect modern cloud environments.