Detect and mitigate CVE-2025-14847, an unauthenticated information leak vulnerability in MongoDB. Exploitation has been observed in the wild. Organizations should patch urgently.
How the Kenna sunset is giving security leaders the opportunity to outgrow vulnerability silos and adopt a unified exposure management model.
How Wiz AI-SPM delivers a complete view of exposed AI application endpoints — from Vibe Coding to MCP — and why that visibility matters.
Unified visibility into OCI identities, permissions, and policies — mapped into Wiz’s Security Graph.
ZDC awarded hackers $320,000 and uncovered a record‑breaking tally of critical CVEs for core cloud infrastructure, underscoring the scale and urgency of securing the open‑source software that underpins the modern cloud.
Wiz Threat Research has observed exploitation in-the-wild of CVE-2025-8110
How attackers are leveraging compromised employee GitHub Personal Access Tokens to compromise cloud environments.
The re:Invent announcements that are most impactful to security teams.
We break down the exploit mechanics and detail active in-the-wild attacks observed by our team, from credential harvesting to sophisticated cloud backdoors.
Detect and mitigate React2Shell (CVE-2025-55182), critical RCE vulnerability in React and Next.js exploited in the wild. Organizations should patch urgently.
Check out new product releases that help security and engineers work together to keep cloud environments secure
Modern code runs in complex and distributed cloud environments. Wiz SAST meets this complexity by correlating code flaws with real cloud context–including where workloads run, what they can access, and how exposed they are.
A milestone fueled by customer trust and a partnership built for scale.
Moving beyond CVE counts to true exposure management everywhere with new UVM and ASM capabilities, now GA
A deeper look at the Shai-Hulud 2.0 supply chain attack: reviewing the infection spread, victimology, leaked secrets distribution, and community response so far.
Give security and developers a shared view of cloud risk, aligned to the way applications are built and maintained.
WizOS is now GA to help every organization reduce CVEs and build on a trusted foundation.
How OAuth tokens, JWT fields and Entra sign-in logs reveal attacker behavior, and how to turn those signals into reliable detections.
Gain visibility into every technology in your environment and eliminate governance gaps.
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users.
Wiz Defend Certification validates skills in cloud threat detection and response for SOC, IT, and security professionals.
Building a Foundation for Security and Compliance
Inaugural partner program reflects commitment to building an open, unified future for security.
Streamline Security Backlogs by Grouping Vulnerabilities, Secrets, and Data Findings into Posture Issues
Meet the SecOps AI Agent: AI-powered threat triage built on the Wiz platform. Investigate every threat with speed and transparency
