Beyond CVEs: The Exploitation of Everyday Misconfigurations
Exploring how simple setup flaws become open doors for attackers—and what teams can do to shut them.
#Research
Wiz Research Discovers One in Five Organizations Exposed to Systemic Risks in Vibe-Coded Applications - Here's How to Secure Them
New research reveals four common security risks systematically affecting vibe-coded applications - with remediation strategies curated together with Lovable.
Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware
Detect and mitigate a critical supply chain compromise affecting over 100+ packages, organizations should act urgently.
Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond
A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the ~2-hour exposure with Wiz telemetry (~99% package prevalence, ~10% malware presence), and unpacking what made it spread so fast.
From Compromised Keys to Phishing Campaigns: Inside a Cloud Email Service Takeover
Exposed cloud credentials become the launchpad for mass phishing, highlighting email services as a prime target in cloud exploitation campaigns.
s1ngularity's Aftermath: AI, TTPs, and Impact in the Nx Supply Chain Attack
A deeper look at the Nx supply chain attack: analyzing the performance of AI-powered malware, calculating incident impact, and sharing novel TTPs for further investigation.
s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know
Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently.
A new type of long-lived key on AWS: Bedrock API keys
New AWS Bedrock keys simplify authentication while raising security considerations.
Breaking NVIDIA Triton: CVE-2025-23319 - A Vulnerability Chain Leading to AI Server Takeover
Wiz Research discovers a critical vulnerability chain allowing unauthenticated attackers to take over NVIDIA's Triton Inference Server.
Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications
New discovery underscores security implications of AI-powered development and the rise of Vibe Coding Platforms
TraderTraitor: Deep Dive
Inside the Lazarus subgroup that’s hijacking cloud platforms, poisoning supply chains, and stealing billions in digital assets.
Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages to Hide Payload
Wiz Research has identified a new iteration of a broader malicious cryptomining campaign, which we’ve dubbed Soco404.