Shir Tamari

CI/CD pipelines, as an essential part of the software development process, are an attractive target to malicious actors. Based on our research of cloud environments, we share common misconfigurations and provide tips on how to remediate them in order to prevent supply-chain attacks.

How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation

How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others.

Wiz Research builds upon previous “OMIGOD” findings with a presentation at RSA Conference 2022; details how cloud middleware use across cloud service providers can expose customers' virtual machines to new attack vectors

Wiz Research discovers a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server.

Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories

In the pre-cloud era, the responsibility for security was fully in the hands of the users. As we uncover new types of vulnerabilities, we discover more and more issues that do not fit the current model. Solution: we need a centralized cloud vulnerabilities database.

Wiz CTO Ami Luttwak discusses a new class of vulnerabilities discovered by Wiz Research, which exposed valuable dynamic DNS data from millions of endpoints worldwide.

Cloud identity permissions are complex. So complex that innocent looking permissions provided to 3rd party vendors can lead to unintended exposure of all of your data.