Context.ai OAuth Token Compromise
Compromised Context.ai OAuth tokens enabled attackers to perform a supply chain attack via trusted SaaS integrations. Learn how to assess the risk in your environment and how to prevent the next attack.
#Security
How to Harden GitHub Actions: An Updated Guide
Build resilient GitHub Actions workflows with lessons from recent attacks like TeamPCP and Axios.
Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2)
Understanding and defending your GitHub Actions - from threat model to security controls.
Cloud Threats Retrospective 2026: What AI Changed (and What It Didn’t)
Insights from public incidents, cloud telemetry, and investigations into how cloud risk evolved in 2025
Twenty Years of Cloud Security Research
This post will look at the past 20 years of cloud security research, separating the two decades into eras with important milestones defined that resulted in the change of one era to the next.
The Year in Wiz Research: 2025 Most Read Blogs
A look back at the cloud security investigations and vulnerabilities that defined the year, from AI breakthroughs to supply chain shifts.
Snipping the Long Tail of Shai-Hulud 2.0
Wiz Research reveals the data behind Shai-Hulud's 2.0 long tail, the massive gap in cloud credential rotation, a potential link to the Trust Wallet incident, and how we finally "snipped the tail" on a month of ongoing infections.
MongoBleed (CVE-2025-14847) exploited in the wild: everything you need to know
Detect and mitigate CVE-2025-14847, an unauthenticated information leak vulnerability in MongoDB. Exploitation has been observed in the wild. Organizations should patch urgently.
Bringing Oracle Cloud Identity to Wiz
Unified visibility into OCI identities, permissions, and policies — mapped into Wiz’s Security Graph.
Top AWS re:Invent Announcements for Security Teams in 2025
The re:Invent announcements that are most impactful to security teams.
React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability
Detect and mitigate React2Shell (CVE-2025-55182), critical RCE vulnerability in React and Next.js exploited in the wild. Organizations should patch urgently.
Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact
A deeper look at the Shai-Hulud 2.0 supply chain attack: reviewing the infection spread, victimology, leaked secrets distribution, and community response so far.