🚨 Vibe coding meets critical data exposure: The Moltbook Hack.

On this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen sit down with Wiz researcher Gal Nagli to unpack how he compromised the "Facebook for AI Agents" in under an hour ↓

👉🏼 How a simple boolean manipulation (valid: false to true) bypassed authentication
👉🏼 Cloud Database misconfigurations and the failure of Row Level Security (RLS)
👉🏼 How Claude Code was used to identify and exploit the vulnerability
The security reality of "Vibe Coding" and zero-manual-code applications

Hacking Moltbook with Gal Nagli

🚨 Everything you need to know about CodeBreach with Yuval Avrahami

On this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen sit down with Wiz researcher @Yuval Avrahami to unpack a major supply-chain flaw that put cloud environments at risk ↓

- Misconfigured CodeBuild instances used by AWS themselves
- One small regex mistake, huge consequences
- How an SDK used by the AWS Console could have been hijacked (!)
- The CI/CD controls that can mitigate this risk


CodeBreach: Hijacking the AWS Console with Yuval Avrahami

🎙️ Shai-Hulud, Shai-Hulud 2.0,  are you keeping up?

In this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen go deep into real-world cloud security incidents ↓

1) How Shai-Hulud evolved into Shai-Hulud 2.0
2) A vulnerability affecting Apache Tika
3) React2Shell and its implications
4) Gogs zero-day explained

You DONT want to miss this! This is a technical, concrete conversation focused on how attacks actually happen, how they evolve, and what defenders need to understand to keep up.

React2Shell, Shai-Hulud 2.0, Gogs Zero-Day & Tika RCE

Agentic AI is coming. Are defenders ready?

**Alon Schindel**, Director of Data & Threat Research at Wiz, joins **Eden** and **Amitai** for the **Season 3 Finale**. This isn't just a recap. It is a look at how top-tier research teams operate at speed. Alon explains why Wiz treats research as a "product" rather than a support function. He details the **"DeepLeak"** discovery where his team found thousands of exposed API keys mere hours after a platform's popularity spiked.

**What's Inside:**
* Agentic AI: Why 2026 will be the year AI starts taking action, not just chatting.
* Speed as a Weapon: How to shorten the time between a zero-day and a detection.
* Culture: The power of the "Table" and collaborative chaos.
* Retrospective: Lessons from IngressNightmare and the year in vulnerabilities.

Neuroscience, AI Research & Hiring Swifties with Alon Schindel

Ressourcen

Weitere Folgen

Hacking Moltbook with Gal Nagli

CodeBreach: Hijacking the AWS Console with Yuval Avrahami

React2Shell, Shai-Hulud 2.0, Gogs Zero-Day & Tika RCE

Crying Out Cloud Newsletter