Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open
Understanding the risks and impact of deploying dev-mode in production environments
#Research
The Ultimate Cloud Security Championship | 12 Months × 12 Challenges
We’re excited to announce our latest cloud security challenge series.
Cloud Attacks Retrospective: Evolving Tactics, Familiar Entry Points
Let's break down eight attack patterns security teams should be watching in 2025.
Leaking Secrets in the Age of AI
How has AI-assisted development impacted secrets leakage? Learn the new patterns and emerging trends.
Lean and Mean: How We Fine-Tuned a Small Language Model for Secret Detection in Code
Building an efficient small language model for cybersecurity, from data prep to deployment
Rules Files for Safer Vibe Coding
Helping LLMs generate safer and more secure code through open-sourced rules files.
DevOps Tools Targeted for Cryptojacking
The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul.
Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild
Wiz Threat Research has observed exploitation in-the-wild of CVE-2025-4427 and CVE-2025-4428, the latest vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM).
What Analyzing Hundreds of Thousands of Cloud Environments Taught Us About Data Exposure
Wiz Research reveals the latest cloud data security trends across hundreds of thousands of real-world environments.
How to Harden GitHub Actions: The Unofficial Guide
Build resilient GitHub Actions workflows with lessons from recent attacks.
Research Briefing: MCP Security
The present and future of security for the Model Context Protocol.
CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims
Cloud environments at risk: Attackers target weak PostgreSQL instances with fileless cryptominer payloads.