2025 State of Code Security: Key Trends and Risks
Explore the key insights on code and cloud security risks shaping 2025.
#Research
How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132)
Technical details on a critical severity vulnerability (CVE-2024-0132) in NVIDIA Container Toolkit and GPU Operator, affecting cloud service providers .
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.
Securing the Container Frontier: Kubernetes Trends Report 2025 Preview
From rapid-fire attack attempts to evolving defense strategies, our Kubernetes Security Report paints a vivid picture of a dynamic landscape. Check out the preview here.
Tracking cloud-fluent threat actors - Part two: Behavioral cloud IOCs
Discover how behavioral cloud IOCs can expose malicious activity as we break down real-world examples to reveal actionable detection techniques.
Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)
The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability, that can lead to privileges escalation in the AWS control plane. Organizations should patch urgently.
CVE-2025-0282 and CVE-2025-0283: Critical Ivanti 0days Exploited in the Wild
Detect and mitigate CVE-2025-0282, a critical RCE vulnerability in Ivanti Connect Secure and CVE-2025-0283, exploited as 0day vulnerabilities in the wild. Organizations should patch urgently.
Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405)
Wiz’s engineering team discovered a high-severity signature verification bypass in Nuclei, one of the most popular open-source security tools, which could potentially lead to arbitrary code execution.
Avoiding mistakes with AWS OIDC integration conditions
Let’s explore some common missteps in securing your AWS OIDC.
The many ways to obtain credentials in AWS
Dive into the complexities of AWS IAM credentials and uncover how defenders can stay ahead with in-depth knowledge of SDK behaviors and service-specific mechanisms.
Unpacking Diicot - Evolving Campaign Targeting Linux Environments
Wiz Threat Research uncovered a new malware campaign targeting Linux environments attributed to the Diicot threat group.
Under the Radar: Exploring Spring Boot Actuator Misconfigurations
Wiz Threat Research investigates misconfigurations in Spring Boot Actuator’s endpoints that can leak environment variables, passwords, and API keys, and even lead to remote code execution.