From Compromised Keys to Phishing Campaigns: Inside a Cloud Email Service Takeover
Exposed cloud credentials become the launchpad for mass phishing, highlighting email services as a prime target in cloud exploitation campaigns.
#Research
s1ngularity's Aftermath: AI, TTPs, and Impact in the Nx Supply Chain Attack
A deeper look at the Nx supply chain attack: analyzing the performance of AI-powered malware, calculating incident impact, and sharing novel TTPs for further investigation.
s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know
Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently.
A new type of long-lived key on AWS: Bedrock API keys
New AWS Bedrock keys simplify authentication while raising security considerations.
Breaking NVIDIA Triton: CVE-2025-23319 - A Vulnerability Chain Leading to AI Server Takeover
Wiz Research discovers a critical vulnerability chain allowing unauthenticated attackers to take over NVIDIA's Triton Inference Server.
Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications
New discovery underscores security implications of AI-powered development and the rise of Vibe Coding Platforms
TraderTraitor: Deep Dive
Inside the Lazarus subgroup that’s hijacking cloud platforms, poisoning supply chains, and stealing billions in digital assets.
Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages to Hide Payload
Wiz Research has identified a new iteration of a broader malicious cryptomining campaign, which we’ve dubbed Soco404.
SharePoint Vulnerabilities (CVE-2025-53770 & CVE-2025-53771): Everything You Need to Know
Detect and mitigate CVE-2025-53770 and CVE-2025-53771 - critical vulnerabilities in Microsoft SharePoint Server currently under active exploitation.
NVIDIAScape - Critical NVIDIA AI Vulnerability: A Three-Line Container Escape in NVIDIA Container Toolkit (CVE-2025-23266)
New critical vulnerability with 9.0 CVSS presents systemic risk to the AI ecosystem, carries widespread implications for AI infrastructure.
Critical vulnerabilities in NetScaler ADC exploited in-the-wild: everything you need to know
Detect and mitigate CVE-2025-5349, CVE-2025-5777, and CVE-2025-6543, Citrix Netscaler ADC and Gateway vulnerabilities being exploited in the wild. Organizations should patch urgently.
Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open
Understanding the risks and impact of deploying dev-mode in production environments