Featured
The many ways to obtain credentials in AWS
Dive into the complexities of AWS IAM credentials and uncover how defenders can stay ahead with in-depth knowledge of SDK behaviors and service-specific mechanisms.
Blog
Unpacking Diicot - Evolving Campaign Targeting Linux Environments
Wiz Threat Research uncovered a new malware campaign targeting Linux environments attributed to the Diicot threat group.
Under the Radar: Exploring Spring Boot Actuator Misconfigurations
Wiz Threat Research investigates misconfigurations in Spring Boot Actuator’s endpoints that can leak environment variables, passwords, and API keys, and even lead to remote code execution.
New Developments in LLM Hijacking Activity
Discover the latest in LLM hijacking activity, including a dive into the JINX-2401 campaign targeting AWS environments with IAM privilege escalation tactics.
Top AWS re:Invent Announcements for Security Teams in 2024
AWS re:Invent 2024 brought an avalanche of announcements, with over 500 updates since November. Let's spotlight the most impactful ones for security teams, from Resource Control Policies to centrally managed root access.
A Cloud-First Approach to Vulnerability Remediation: A Holistic Approach
Learn about how Wiz helps organizations operationalize vulnerability remediation with true code-to-cloud visibility
Wiz supports creation of new Japan tenants
Our ongoing commitment to the region continues with product support and leadership expansion.
Ultralytics AI Library Hacked via GitHub for Cryptomining
A supply chain attack on Ultralytics exploited GitHub Actions to inject malicious PyPI packages. Discover how it unfolded and the steps to mitigate the risk.
Wiz at Re:Invent 2024
See what’s new with Wiz at Re:Invent 2024 and learn about how Wiz and AWS continue to strengthen their strategic partnership, keeping AWS customers’ environments secure
Authorized Agility: Wiz adds Code Security in the FedRAMP offering (Wiz for Gov)
Wiz is excited to announce the addition of Wiz Code into our Wiz for Gov offering, enabling organizations to visualize attack paths from cloud-to-code and bring guardrails into the software development lifecycle.
Wiz Defend: Delivering the Promise of Cloud-Native Security Operations
A new approach to detect and respond to cloud-native threats
Introducing Wizdom Community: A New Era of Cloud Security Collaboration
Discover Wizdom: A vibrant community where cloud security professionals connect, collaborate, and lead the charge toward a safer digital future.
Wiz Defend is Here: Threat detection and response born for the cloud
Empower SecOps teams to stop incidents before they become breaches
How to use AWS Resource Control Policies
Unlock the Power of AWS Resource Control Policies: Enforce Security and Streamline Governance Across Your Organization.
Wiz collaborates with NVIDIA to advance ML research for data classification
Wiz Research taps Llama 3 model NVIDIA NIM microservices for sensitive data classification
Deloitte’s Cyber Cloud Managed Services (CCMS) - Enhance cyber posture with AWS and Wiz
Discover how Deloitte’s CCMS, powered by Wiz, enhances AWS cloud security with automated workflows, democratized risk management, and streamlined remediation to protect modern cloud environments.
Wiz observes exploitation in the wild of PAN-OS vulnerabilities
Detect and mitigate CVE-2024-0012 and CVE-2024-9474, PAN-OS vulnerabilities which Wiz Threat Research has observed being exploited in-the-wild. Organizations should patch urgently.
Wiz to acquire Dazz, transforming risk remediation from cloud to code
Together, we'll reinvent ASPM and code-to-cloud remediation.
Wiz Remediation and Response - Now available for Azure and GCP environments
Powerful new remediation and response capabilities enable the real-time enforcement of organizational security policies and streamline incident management.
Introducing The Champion Center: Operationalize and Measure Cloud Security Maturity Across Your Organization
Centralize security insights, scale adoption, and demonstrate measurable cloud security progress with Wiz
Kubernetes Audit Log “Gotchas”
How to overcome challenges and security gaps when using K8s audit logs for forensics and attack detection.
Introducing new Amazon Q Developer plugin for Wiz
New plugin enables AWS and Wiz customers to leverage generative AI to improve their cloud security posture
Making Sense of Kubernetes Initial Access Vectors Part 2 - Data Plane
Learn about Kubernetes data plane access, including applications running on the cluster, container images, and execution-as-a-service workload types.
Accelerating our commitment to Europe with even more investments
Wiz increases investments in products and presence for European customers by enabling support for AWS European Sovereign Cloud (ESC) and new regional headquarters.
Making Sense of Kubernetes Initial Access Vectors Part 1 – Control Plane
Explore Kubernetes control plane access vectors, risks, and security strategies to prevent unauthorized access and protect your clusters from potential threats.