#Research

Sapir Federovsky

November 27, 2025

How OAuth tokens, JWT fields and Entra sign-in logs reveal attacker behavior, and how to turn those signals into reliable detections.

Hila Ramati, Merav Bar, Gal Benmocha, Gili Tikochinski

November 24, 2025

Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users.

Shay Berkovich, Rami McCarthy

November 10, 2025

How secure are top private AI companies? Find out from our scans and disclosures.

Rami McCarthy

October 15, 2025

Wiz Research has uncovered 550+ secrets hiding in plain sight. We worked with Microsoft to shut the door.

Yaara Shriki

October 7, 2025

Turning attacker insights into stronger cloud security protections.

Benny Isaacs, Nir Brakha

October 6, 2025

Wiz Research discovers vulnerability stemming from 13-year-old bug present in all Redis versions, used in 75% of cloud environments.

Danielle Aminov, Shahar Dorfman, Hila Ramati

October 6, 2025

How attackers exploit exposed databases for extortion—and the defenses that work.

Nir Ohfeld

September 30, 2025

Wiz and the leading CSPs are launching one of the largest hacking competitions ever to secure the open-source software powering the cloud ecosystem

Scott Piper

September 26, 2025

A closer look at LameHug, the Amazon Q Developer Extension compromise, s1ngularity, and PromptLock.

Hila Ramati, Gili Tikochinski

September 22, 2025

When common processes start asking the wrong questions

Danielle Aminov, Gili Tikochinski

September 19, 2025

Exploring how simple setup flaws become open doors for attackers—and what teams can do to shut them.

Gal Nagli, Alon Schindel

September 18, 2025

New research reveals four common security risks systematically affecting vibe-coded applications - with remediation strategies curated together with Lovable.