What Analyzing Hundreds of Thousands of Cloud Environments Taught Us About Data Exposure
Wiz Research reveals the latest cloud data security trends across hundreds of thousands of real-world environments.
#Research
How to Harden GitHub Actions: The Unofficial Guide
Build resilient GitHub Actions workflows with lessons from recent attacks.
Research Briefing: MCP Security
The present and future of security for the Model Context Protocol.
CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims
Cloud environments at risk: Attackers target weak PostgreSQL instances with fileless cryptominer payloads.
IngressNightmare: CVE-2025-1974 - 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
Over 40% of cloud environments are vulnerable to RCE, likely leading to a complete cluster takeover.
How to use the new CloudTrail network activity events for AWS VPC Endpoints
Learn how AWS VPC Endpoint CloudTrail logs can help you troubleshoot endpoint policies and strengthen your network's security against data exfiltration.
New GitHub Action supply chain attack: reviewdog/action-setup
A supply chain attack on tj-actions/changed-files caused many repositories to leak their secrets over the weekend. Wiz Research has discovered an additional supply chain attack on reviewdog/actions-setup@v1, that may have contributed to the compromise of tj-actions/changed-files.
GitHub Action tj-actions/changed-files supply chain attack: everything you need to know
A supply chain attack on popular GitHub Action tj-actions/changed-files caused many repositories to leak their secrets. Discover how it unfolded and the steps to mitigate the risk.
Key Takeaways from the 2025 State of AI in the Cloud Report
From DeepSeek adoption to impact on security and governance.
2025 State of Code Security: Key Trends and Risks
Explore the key insights on code and cloud security risks shaping 2025.
How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132)
Technical details on a critical severity vulnerability (CVE-2024-0132) in NVIDIA Container Toolkit and GPU Operator, affecting cloud service providers .
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.