It’s me, hi! I’m the problem, it’s me!
Detect and mitigate React2Shell (CVE-2025-55182), critical RCE vulnerability in React and Next.js exploited in the wild. Organizations should patch urgently.
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users.
Detect and mitigate a critical supply chain compromise affecting over 100+ packages, organizations should act urgently.
Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently.
Inside the Lazarus subgroup that’s hijacking cloud platforms, poisoning supply chains, and stealing billions in digital assets.
Detect and mitigate CVE-2025-5349, CVE-2025-5777, and CVE-2025-6543, Citrix Netscaler ADC and Gateway vulnerabilities being exploited in the wild. Organizations should patch urgently.
The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul.
Wiz Threat Research has observed exploitation in-the-wild of CVE-2025-4427 and CVE-2025-4428, the latest vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM).
Check out our top podcast episode picks from the past year.
A supply chain attack on popular GitHub Action tj-actions/changed-files caused many repositories to leak their secrets. Discover how it unfolded and the steps to mitigate the risk.
Discover how behavioral cloud IOCs can expose malicious activity as we break down real-world examples to reveal actionable detection techniques.
The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability, that can lead to privileges escalation in the AWS control plane. Organizations should patch urgently.
Detect and mitigate CVE-2025-0282, a critical RCE vulnerability in Ivanti Connect Secure and CVE-2025-0283, exploited as 0day vulnerabilities in the wild. Organizations should patch urgently.
Supply chain attack in popular lottie-player library compromises websites with malicious Web3 wallet prompts – update or revert the library to avoid the compromised versions.
Detect and mitigate critical vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467) in Palo Alto Networks’ Expedition tool. Organizations should patch urgently.
Detect and mitigate CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177 vulnerabilities impacting CUPS and IPP packages.
Strategies for tracking and defending against malicious activity and threats in the cloud using atomic indicators of compromise (IOCs).
Detect and mitigate CVE-2024-6387, a remote code execution vulnerability in OpenSSH. Organizations are advised to patch urgently.
Detect and mitigate CVE-2024-4577, a critical remote code execution vulnerability in PHP CGI. Organizations are advised to patch urgently.
Detect and mitigate CVE-2024-4040, a critical vulnerability in CrushFTP exploited in the wild. Organizations should patch urgently.
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgently.
Detect and mitigate CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), authentication bypass vulnerabilities in JetBrains TeamCity.
Fortinet offers guidance to detect and mitigate CVE-2024-21762 and CVE-2024-23113, critical RCE vulnerabilities in FortiOS and FortiProxy, including guidance that organizations should patch urgently.
Detect and mitigate CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893, critical vulnerabilities in Ivanti VPN products. Organizations should patch urgently, and government agencies are instructed to isolate Ivanti VPN instances.
Detect and mitigate “Leaky Vessels”, container escape vulnerabilities affecting runC and BuildKit. Learn how to prioritize patching and detect exploitation attempts in runtime.
Each member of the Crying out Cloud team at Wiz shares their top stories from the past year
Detect and mitigate CVE-2023-38545, a high severity buffer overflow vulnerability in cURL. Organizations should upgrade to the patched version.
Get the tl;dr on Wiz's methodology for cloud vulnerability triage in our new report, "The good, the bad, and the vulnerable."
Detect and mitigate CVE-2023-42115, and 5 more vulnerabilities in Exim. Organizations using affected configurations should mitigate and patch the vulnerabilities urgently.
Delving into CVE-2023-4863 and CVE-2023-5217 - critical vulnerabilities in libwebp and libvpx exploited in the wild.
Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors.
Detect and mitigate CVE-2023-34362, a remote code execution vulnerability in MOVEit Transfer exploited in the wild. Organizations should patch urgently.
Detect and mitigate CVE-2023-32784, a vulnerability in KeePass which allows the extraction of the master password in cleartext from the application's memory.
Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently.
CVE-2023-25610 is a critical RCE vulnerability in FortiOS. This vulnerability is a buffer underwrite bug in the administrative interface which could allow a remote unauthenticated attacker to execute code using specially crafted requests. Affected customers should patch immediately.
Recent attacks leverage CVE-2021-21974 to install ransomware on VMWare ESXi servers. Security teams are advised to patch and stay vigilant for indicators of compromise.
Detect and mitigate CVE-2022-44877, a CentOS Control Web Panel (CWP) unauthenticated RCE exploited in the wild. Security teams are advised to patch urgently.
The developers of PyTorch (a popular machine-learning framework) recently identified a malicious dependency confusion attack on the open-source project. Security teams are advised to check for infected resources and rotate any exposed keys.
Critical RCE vulnerability found in Linux kernel's `ksmbd` module: remote attackers can execute code without authentication. The module is not enabled by default on most operating systems.
A new exploit method targeting CVE-2022-41080 and CVE-2022-41082 vulnerabilities in Exchange servers, which can bypass previous workarounds, has been discovered and exploited in the wild. Organizations should patch urgently.
