Wiz

Our biggest reminder yet. ZERODAY.CLOUD. A first-of-its-kind, open-source cloud hacking competition. Help us find vulnerabilities in the critical open-source software that powers the cloud, and compete for your share of a $4.5M prize pool. This will be one of the largest hacking events ever! Register your exploit ➡️ www.zeroday.cloud

🎁 We're giving away 2,000 SHIFT LEFT keyboards ↓ Want one on your desk? 1. Like this post 2. Fill out the form >> https://lnkd.in/d8Rf2spi That's it! The keyboard is on its way 📦 — Why are we doing this? 👀 A secret game is coming… and the whole world is invited.

James Berthoty's Cloud Security Report is out, and here's the bottom line 👇 We are so honored that Wiz is named a Leader in Latio's NEW Cloud Security Report across Cloud Security, Code to Cloud, and Continuous Threat & Exposure Management. 🥇 📖 Full report:  https://lnkd.in/eT-AQqf7

🚨 NEW Wiz Research: Preempted VSCode Supply Chain Attack Wiz Research uncovered a widespread access token leak by VSCode extension publishers across both the official VSCode and Open VSX marketplaces, a major supply chain risk. 🔍 The Risk: Over 100 leaked tokens (PATs) could've let attackers push malicious updates to 185,000+ extension installs via auto-updates. 💡 The Fix: After reporting to MSRC, we partnered with Microsoft to add platform guardrails and alert publishers to secure their tokens. This finding underscores how: - Marketplaces remain high-risk zones for mass secrets exposure - Publisher tokens amplify supply chain threats exponentially 🔗 https://lnkd.in/dsA7Zj6f

Wizdom is 3 weeks away. Here's what 500+ security leaders are coming for: ⚡ Real stories from teams securing Fortune 500 clouds 🔮 Live demos of what we're building next 🛠️ Hands-on CTF challenge where you break into actual cloud environments Plus an executive track where CISOs are sharing what actually moves the needle on risk. Spots are disappearing fast. Join us → wiz.io/wizdom

We are LEADERS!🏆🍂 Wiz was named a Leader in 130+ G2 reports this fall, and we couldn't be more grateful (or more proud)!🍁 Massive thanks to our amazing Wizards and customers for making this magic happen. 💙 https://lnkd.in/db_pnZGZ

🤖 We're witnessing something unprecedented with AI agents: Malware that literally prompts ChatGPT, Claude, and other LLMs to write its own attack code. Live. On victim machines. Scott Piper highlights an emerging trend of attackers invoking AI from their payloads, giving recent examples, and discussing where this is leading. Full analysis: https://lnkd.in/eRGvix2Y

💥 Wiz Research has uncovered a critical Redis vulnerability that's been hiding for 13 years We found RediShell (CVE-2025-49844): an RCE bug in Redis that affects every version of Redis out there. It's rated CVSS 10 - the highest severity possible. The vulnerability lets attackers send a malicious Lua script, escape the sandbox, and execute code on the host. About 330,000 Redis instances are exposed to the internet right now. 60,000 have no authentication. Over 75% of cloud environments are running Redis. Redis released a patch this weekend and we responsibly disclosed everything upon discovery. Huge thanks to the Redis team for their fast response and collaboration ❤️ If you're running Redis: update immediately. Our blog has the full technical breakdown and security recommendations >> https://lnkd.in/dbQXPUee

Wiz Research analyzed a growing trend: attackers compromising databases using only legitimate commands - no malicious binaries required. The attack is straightforward: connect to misconfigured servers, copy data, wipe the database, leave ransom note. The data: → MongoDB accounts for 63% of successful attacks → PostgreSQL follows at 37% → 72% of exposed Redis instances lack proper authentication These attacks work because databases are often deployed with weak security defaults and accidentally exposed to the internet. How to prevent them? 🪄 Keep databases in private networks, enforce strong auth, and scan for misconfigurations before attackers do. — Our full research includes IOCs, attack patterns, and defense strategies. Read it here >> https://lnkd.in/dDfhztSv

AI is changing how we build software. And it's changing how we secure it 🎯 The AI attack surface looks *different* - it includes training data, models, APIs, and pipelines. The good news? Once you understand it, you can secure it. We put together a breakdown of the AI attack surface and 5 clear ways to reduce AI risk. Real examples, NO fluff. Just what security teams need to move fast and stay secure. Read the guide: https://lnkd.in/dw8VQvjB