Featured
Beyond Findings: Connecting Exploitable Risk to Cloud Context with Wiz and HackerOne
See proven, exploitable risk in the context of your full cloud environment
Blog
Fragnesia: Linux Kernel Local Privilege Escalation via ESP-in-TCP
A new page-cache corruption vulnerability in the Dirty Frag family enables unprivileged local attackers to achieve root
Introducing Wiz Audit History: Track Every Change Across your Environment
Wiz Audit History is now GA, providing a continuous, cross-cloud timeline of changes to resource configurations and findings to accelerate incident response and simplify compliance.
Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised
Detect and mitigate malicious npm packages linked to the latest Mini Shai-Hulud supply chain campaign targeting high-value developer tooling.
Wiz at Wiz: Reducing Risk through Service Ownership
How Wiz security uses Service Catalog to turn cloud risk into service ownership
A Framework for AI Threat Readiness
AI models now find and exploit zero-days autonomously. This 4-pillar framework accelerates patching, analysis, and threat response.
See and Secure Everything at the Edge with Wiz and Akamai
Akamai edge configurations are now visible on the Wiz Security Graph, giving teams a single understanding of risk from edge to runtime
Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPC
Unpatched kernel flaw chain (CVE-2026-43284, CVE-2026-43500) enables root escalation on major Linux distributions.
Build Fast, Build Secure: Wiz findings are now in Lovable
With Wiz in Lovable, every builder can catch and fix risks in real time, keeping apps secure as they’re created
It's Time to Go After Achieving Zero Code Criticals
Ready to hit Zero Code Criticals? Here's how Wiz helps you get there and stay there, with the badge to prove you did.
The Jenkins Threat Landscape
What usage patterns, plugin adoption, and configuration choices reveal about the Jenkins attack surface.
Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-Wild
Detect and mitigate CVE-2026-0300, a critical vulnerability in Palo Alto Networks PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to achieve remote code execution (RCE) with root privileges.
Introducing Penetration Test Findings: Unified Offensive Security in Wiz
Streamline pen-testing by unifying findings from bug bounties, manual audits, and Wiz Red Agent into a single, context-rich view.
Practical Package Security: The Unofficial Guide
Get actionable best practices to shrink your attack surface, protect execution environments, control package ingestion, and catch compromises early.
From Foundation to Force: Your Guide to Operationalizing Wiz at Scale
Following your foundation, operationalize Wiz across development, detection and response, and program maturity so your security program never stops getting stronger.
Meet Wiz for M365: Bringing SaaS into the Security Graph
Secure Microsoft 365 and the cloud it powers — one platform, one graph, complete context.
Copy Fail: Universal Linux Local Privilege Escalation Vulnerability
Detect and mitigate Copy Fail (CVE-2026-31431), an easily exploitable vulnerability in the Linux kernel that allows escalation from an unprivileged local user account to root access.
Red Agent and Claude Opus: Securing Production Targets at Scale
Delivering enterprise-grade continuous AI-powered risk assessment to hundreds of customers through the combined power of Wiz and Anthropic
The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2)
When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it.
Key Takeaways from the 2026 State of AI in the Cloud Report
How AI Adoption, Autonomy, and Attacker Innovation Are Reshaping Cloud Security
Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign - Mini Shai Hulud.
Wiz Code Week Recap: Securing AI Native Development
Providing Application Security teams with visibility and guardrails to secure agentic software development and the modern software supply chain
Modern Defensible Architecture: Resilience for the Australian Federal Government
How Wiz enables Australian government agencies to operationalise MDA with real-time context, zero trust enforcement, and end-to-end cloud visibility.
Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)
Details on CVE-2026-3854: A critical flaw in GitHub’s internal git infrastructure enabling RCE on GitHub.com and GitHub Enterprise Server.
NIST NVD Update: What it Means For Vulnerability Management
The shift from static CVE scoring to risk-based prioritization signals a new era for Vulnerability Managers