Merav Bar

Gili Tikochinski, Danielle Aminov, Merav Bar

June 2, 2025

The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul.

Merav Bar, Shahar Dorfman, Gili Tikochinski

May 20, 2025

Wiz Threat Research has observed exploitation in-the-wild of CVE-2025-4427 and CVE-2025-4428, the latest vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM).

Amitai Cohen, Merav Bar, Eden Naftali

April 9, 2025

Check out our top podcast episode picks from the past year.

Merav Bar, Shay Berkovich, Gal Nagli

March 15, 2025

A supply chain attack on popular GitHub Action tj-actions/changed-files caused many repositories to leak their secrets. Discover how it unfolded and the steps to mitigate the risk.

Merav Bar, Gili Tikochinski

January 15, 2025

Discover how behavioral cloud IOCs can expose malicious activity as we break down real-world examples to reveal actionable detection techniques.

Gal Nagli, Merav Bar, Gili Tikochinski, Shaked Tanchuma

January 11, 2025

The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability, that can lead to privileges escalation in the AWS control plane. Organizations should patch urgently.

Merav Bar

January 9, 2025

Detect and mitigate CVE-2025-0282, a critical RCE vulnerability in Ivanti Connect Secure and CVE-2025-0283, exploited as 0day vulnerabilities in the wild. Organizations should patch urgently.

Merav Bar, Gal Nagli, Danielle Aminov

October 31, 2024

Supply chain attack in popular lottie-player library compromises websites with malicious Web3 wallet prompts – update or revert the library to avoid the compromised versions.

Merav Bar, Gili Tikochinski

October 10, 2024

Detect and mitigate critical vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467) in Palo Alto Networks’ Expedition tool. Organizations should patch urgently.

Merav Bar, Scott Piper

September 29, 2024

Detect and mitigate CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177 vulnerabilities impacting CUPS and IPP packages.

Merav Bar, Amitai Cohen

September 23, 2024

Strategies for tracking and defending against malicious activity and threats in the cloud using atomic indicators of compromise (IOCs).

Amitai Cohen, Gili Tikochinski, Merav Bar, Danielle Aminov

July 1, 2024

Detect and mitigate CVE-2024-6387, a remote code execution vulnerability in OpenSSH. Organizations are advised to patch urgently.

Merav Bar

June 10, 2024

Detect and mitigate CVE-2024-4577, a critical remote code execution vulnerability in PHP CGI. Organizations are advised to patch urgently.

Merav Bar, Gili Tikochinski

April 24, 2024

Detect and mitigate CVE-2024-4040, a critical vulnerability in CrushFTP exploited in the wild. Organizations should patch urgently.

Merav Bar, Amitai Cohen, Danielle Aminov

March 29, 2024

Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgently.

Merav Bar, Gili Tikochinski

March 6, 2024

Detect and mitigate CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), authentication bypass vulnerabilities in JetBrains TeamCity.

Amitai Cohen, Merav Bar

February 12, 2024

Fortinet offers guidance to detect and mitigate CVE-2024-21762 and CVE-2024-23113, critical RCE vulnerabilities in FortiOS and FortiProxy, including guidance that organizations should patch urgently.

Merav Bar, Amitai Cohen

February 6, 2024

Detect and mitigate CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893, critical vulnerabilities in Ivanti VPN products. Organizations should patch urgently, and government agencies are instructed to isolate Ivanti VPN instances.

Merav Bar, Amitai Cohen, Itamar Gilad

February 5, 2024

Detect and mitigate “Leaky Vessels”, container escape vulnerabilities affecting runC and BuildKit. Learn how to prioritize patching and detect exploitation attempts in runtime.

Amitai Cohen, Merav Bar, Eden Naftali

January 16, 2024

Each member of the Crying out Cloud team at Wiz shares their top stories from the past year 

Merav Bar, Sagi Tzadik

October 11, 2023

Detect and mitigate CVE-2023-38545, a high severity buffer overflow vulnerability in cURL. Organizations should upgrade to the patched version.

Merav Bar, Amitai Cohen

October 10, 2023

Get the tl;dr on Wiz's methodology for cloud vulnerability triage in our new report, "The good, the bad, and the vulnerable."

Merav Bar

October 2, 2023

Detect and mitigate CVE-2023-42115, and 5 more vulnerabilities in Exim. Organizations using affected configurations should mitigate and patch the vulnerabilities urgently.

Merav Bar, Amitai Cohen

October 1, 2023

Delving into CVE-2023-4863 and CVE-2023-5217 - critical vulnerabilities in libwebp and libvpx exploited in the wild.

Amitai Cohen, Scott Piper, Merav Bar

July 26, 2023

Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors.

Amitai Cohen, Merav Bar

June 4, 2023

Detect and mitigate CVE-2023-34362, a remote code execution vulnerability in MOVEit Transfer exploited in the wild. Organizations should patch urgently.

Merav Bar, Amitai Cohen

May 23, 2023

Detect and mitigate CVE-2023-32784, a vulnerability in KeePass which allows the extraction of the master password in cleartext from the application's memory.

Merav Bar, Amitai Cohen

April 13, 2023

Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently.

Merav Bar

March 13, 2023

CVE-2023-25610 is a critical RCE vulnerability in FortiOS. This vulnerability is a buffer underwrite bug in the administrative interface which could allow a remote unauthenticated attacker to execute code using specially crafted requests. Affected customers should patch immediately.

Merav Bar

February 7, 2023

Recent attacks leverage CVE-2021-21974 to install ransomware on VMWare ESXi servers. Security teams are advised to patch and stay vigilant for indicators of compromise.

Merav Bar

January 17, 2023

Detect and mitigate CVE-2022-44877, a CentOS Control Web Panel (CWP) unauthenticated RCE exploited in the wild. Security teams are advised to patch urgently.

Merav Bar

January 3, 2023

The developers of PyTorch (a popular machine-learning framework) recently identified a malicious dependency confusion attack on the open-source project. Security teams are advised to check for infected resources and rotate any exposed keys.

Merav Bar, Amitai Cohen

December 27, 2022

Critical RCE vulnerability found in Linux kernel's `ksmbd` module: remote attackers can execute code without authentication. The module is not enabled by default on most operating systems.

Merav Bar

December 22, 2022

A new exploit method targeting CVE-2022-41080 and CVE-2022-41082 vulnerabilities in Exchange servers, which can bypass previous workarounds, has been discovered and exploited in the wild. Organizations should patch urgently.