Unmasking the Attacker's Playbook: Dissecting Software Supply Chain Threats with Wiz Research and Proactive Cloud Defense

The cybersecurity landscape is rapidly evolving, with sophisticated adversaries increasingly targeting complex software supply chains, developer tools, and critical cloud infrastructure. Join Wiz’s Head of Vulnerability Research and Product Marketing as they dissect the most critical threats and campaigns observed by Wiz Research. We will delve into real-world examples, including recent widespread compromises of NPM packages like the "Shai-Hulud" campaign, GitHub Actions supply chain attacks, and findings of over 500 leaked secrets in VS Code extensions, exposing thousands of installs to risk. These incidents highlight a critical shift in attacker tactics and the urgent need for robust, proactive defense strategies.Moving beyond reactive measures, this session will demonstrate how Wiz’s unified cloud security platform empowers security teams to proactively manage this evolving threat landscape. We’ll explore advanced capabilities in Attack Surface Management (ASM) for comprehensive visibility into external exposures and exploitability validation. Discover how Wiz Exposure Management unifies vulnerability findings across cloud, code, and on-prem, leveraging the Wiz Security Graph for contextual prioritization and owner-driven remediation. Furthermore, we’ll showcase Wiz Defend’s advanced Runtime capabilities, highlighting real-time threat detection and rapid response against sophisticated cloud-native attacks through the eBPF-powered Wiz Sensor, deep workload visibility, and behavioral anomaly detection, including protection against container escapes. Attendees will gain actionable insights into transforming their defense posture from code to runtime against today's most dangerous supply chain threats.