#Research

Rami McCarthy

October 15, 2025

Wiz Research has uncovered 550+ secrets hiding in plain sight. We worked with Microsoft to shut the door.

Yaara Shriki

October 7, 2025

Turning attacker insights into stronger cloud security protections.

Benny Isaacs, Nir Brakha

October 6, 2025

Wiz Research discovers vulnerability stemming from 13-year-old bug present in all Redis versions, used in 75% of cloud environments.

Danielle Aminov, Shahar Dorfman, Hila Ramati

October 6, 2025

How attackers exploit exposed databases for extortion—and the defenses that work.

Nir Ohfeld

September 30, 2025

Wiz and the leading CSPs are launching one of the largest hacking competitions ever to secure the open-source software powering the cloud ecosystem

Scott Piper

September 26, 2025

A closer look at LameHug, the Amazon Q Developer Extension compromise, s1ngularity, and PromptLock.

Hila Ramati, Gili Tikochinski

September 22, 2025

When common processes start asking the wrong questions

Danielle Aminov, Gili Tikochinski

September 19, 2025

Exploring how simple setup flaws become open doors for attackers—and what teams can do to shut them.

Gal Nagli, Alon Schindel

September 18, 2025

New research reveals four common security risks systematically affecting vibe-coded applications - with remediation strategies curated together with Lovable.

Merav Bar, Rami McCarthy, Barak Sharoni

September 16, 2025

Detect and mitigate a critical supply chain compromise affecting over 100+ packages, organizations should act urgently.

Hila Ramati, Gal Benmocha, Danielle Aminov

September 9, 2025

A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the ~2-hour exposure with Wiz telemetry (~99% package prevalence, ~10% malware presence), and unpacking what made it spread so fast.

Itay Harel, Hila Ramati

September 4, 2025

Exposed cloud credentials become the launchpad for mass phishing, highlighting email services as a prime target in cloud exploitation campaigns.