Featured
Introducing HoneyBee: How We Automate Honeypot Deployment for Threat Research
Turning attacker insights into stronger cloud security protections.
Blog
RediShell: Critical Remote Code Execution Vulnerability (CVE-2025-49844) in Redis, 10 CVSS score
Wiz Research discovers vulnerability stemming from 13-year-old bug present in all Redis versions, used in 75% of cloud environments.
Defending against database ransomware attacks
How attackers exploit exposed databases for extortion—and the defenses that work.
AI Security 101: Mapping the AI Attack Surface
A practical guide to the risks, blind spots, and protections every security team needs to know.
Introducing zeroday.cloud: First-of-its-kind cloud and AI hacking competition
Wiz and the leading CSPs are launching one of the largest hacking competitions ever to secure the open-source software powering the cloud ecosystem
Unifying Cloud Risk and Network Defense: Wiz and Check Point
Bring network context into the Security Graph to enrich cloud visibility and strengthen posture
The emerging use of malware invoking AI
A closer look at LameHug, the Amazon Q Developer Extension compromise, s1ngularity, and PromptLock.
Wiz achieves FedRAMP High authorization
Unified cloud security without compromise, delivering commercial features to sensitive government systems
Wiz + HCP Terraform: Close the IaC-to-Cloud Infrastructure Security Gap
Announcing the GA of our HCP Terraform connector, featuring new zero-configuration code-to-cloud mapping that traces any cloud risk back to its source.
IMDS Abused: Hunting Rare Behaviors to Uncover Exploits
When common processes start asking the wrong questions
Beyond CVEs: The Exploitation of Everyday Misconfigurations
Exploring how simple setup flaws become open doors for attackers—and what teams can do to shut them.
Wiz Research Discovers One in Five Organizations Exposed to Systemic Risks in Vibe-Coded Applications - Here's How to Secure Them
New research reveals four common security risks systematically affecting vibe-coded applications - with remediation strategies curated together with Lovable.
Introducing Wiz Incident Response: Your Expert Partner for Cloud Security Incidents
Announcing the public preview of Wiz’s in-house Incident Response service—empowering customers to investigate, contain, and resolve cyber incidents with confidence
Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware
Detect and mitigate a critical supply chain compromise affecting over 100+ packages, organizations should act urgently.
DORA Compliance in the Cloud Era: Insights from Deloitte and Wiz
How to address DORA compliance challenges with Wiz and Deloitte.
How Wiz Customers like Brex and FICO See AI Changing Security
Executives from Brex and FICO share how AI is reshaping security strategies.
Wiz Recognized as a Leader in the 2025 IDC MarketScape for ASPM
We believe recognition in the IDC MarketScape for ASPM reflects our commitment to redefining how modern/cloud and AI-native applications are built and secured.
Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond
A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the ~2-hour exposure with Wiz telemetry (~99% package prevalence, ~10% malware presence), and unpacking what made it spread so fast.
WizOS Is Here: Transforming Container Security from the Image Up
WizOS is in public preview starting today, enabling Wiz customers to adopt and operationalize secured images at scale.
From Compromised Keys to Phishing Campaigns: Inside a Cloud Email Service Takeover
Exposed cloud credentials become the launchpad for mass phishing, highlighting email services as a prime target in cloud exploitation campaigns.
s1ngularity's Aftermath: AI, TTPs, and Impact in the Nx Supply Chain Attack
A deeper look at the Nx supply chain attack: analyzing the performance of AI-powered malware, calculating incident impact, and sharing novel TTPs for further investigation.
s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know
Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently.
Secrets Found. Owners Identified. Issues Fixed.
Wiz closes the loop on exposed secrets with blast radius context, ownership intelligence, and actionable, AI-powered fixes.
Unpacking the 2025 Gartner Market Guide for CNAPP
From siloed tools to a unified platform: Key takeaways from Gartner's new CNAPP report.
A new type of long-lived key on AWS: Bedrock API keys
New AWS Bedrock keys simplify authentication while raising security considerations.