The Year in Wiz Research: 2025 Most Read Blogs
A look back at the cloud security investigations and vulnerabilities that defined the year, from AI breakthroughs to supply chain shifts.
#Security
Snipping the Long Tail of Shai-Hulud 2.0
Wiz Research reveals the data behind Shai-Hulud's 2.0 long tail, the massive gap in cloud credential rotation, a potential link to the Trust Wallet incident, and how we finally "snipped the tail" on a month of ongoing infections.
MongoBleed (CVE-2025-14847) exploited in the wild: everything you need to know
Detect and mitigate CVE-2025-14847, an unauthenticated information leak vulnerability in MongoDB. Exploitation has been observed in the wild. Organizations should patch urgently.
Bringing Oracle Cloud Identity to Wiz
Unified visibility into OCI identities, permissions, and policies — mapped into Wiz’s Security Graph.
Top AWS re:Invent Announcements for Security Teams in 2025
The re:Invent announcements that are most impactful to security teams.
React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability
Detect and mitigate React2Shell (CVE-2025-55182), critical RCE vulnerability in React and Next.js exploited in the wild. Organizations should patch urgently.
Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact
A deeper look at the Shai-Hulud 2.0 supply chain attack: reviewing the infection spread, victimology, leaked secrets distribution, and community response so far.
3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID Logs
How OAuth tokens, JWT fields and Entra sign-in logs reveal attacker behavior, and how to turn those signals into reliable detections.
Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users.
When AI Becomes the Heart of Security: Powering a Future You Can Trust
Helping teams see clearly, decide wisely, and move safely.
Securing Critical Infrastructure in the Cloud Era: A Policy and Technology Blueprint
Why Securing Critical Infrastructure Requires a Modern Approach
How CISOs Should Plan Security Budgets for 2026
Build a defensible 2026 security budget with data, not guesswork. We share practical tips, ROI levers, and fresh insights from our survey of 300+ CISOs and security leaders.