DevOps Tools Targeted for Cryptojacking
The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul.
Gili Tikochinski
You can do anything with regex
Gili Tikochinski Messaggi
Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild
Wiz Threat Research has observed exploitation in-the-wild of CVE-2025-4427 and CVE-2025-4428, the latest vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM).
CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims
Cloud environments at risk: Attackers target weak PostgreSQL instances with fileless cryptominer payloads.
Tracking cloud-fluent threat actors - Part two: Behavioral cloud IOCs
Discover how behavioral cloud IOCs can expose malicious activity as we break down real-world examples to reveal actionable detection techniques.
Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)
The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability, that can lead to privileges escalation in the AWS control plane. Organizations should patch urgently.
Unpacking Diicot - Evolving Campaign Targeting Linux Environments
Wiz Threat Research uncovered a new malware campaign targeting Linux environments attributed to the Diicot threat group.
Critical vulnerabilities in Palo Alto Expedition: everything you need to know
Detect and mitigate critical vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467) in Palo Alto Networks’ Expedition tool. Organizations should patch urgently.
Emerging phishing campaign targeting AWS accounts
Wiz Threat Research recently spotted a new phishing campaign targeting AWS accounts.
Introducing pattern-based agentless malware detection using YARA rules
Wiz is expanding our existing detection capabilities to include pattern-based malware detection using YARA rules written by the Wiz Research team
SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining
Wiz researchers discover ongoing threat to popular testing framework.
RCE vulnerability in OpenSSH: everything you need to know
Detect and mitigate CVE-2024-6387, a remote code execution vulnerability in OpenSSH. Organizations are advised to patch urgently.
Pause off my cluster: DERO cryptojacking takes a new shape
Learn how the threat actors behind the 2023 DERO cryptojacking campaign have adapted their techniques to evade detection, and the best practices for mitigation.
CVE-2024-4040 exploited in the wild: everything you need to know
Detect and mitigate CVE-2024-4040, a critical vulnerability in CrushFTP exploited in the wild. Organizations should patch urgently.
Authentication bypass vulnerabilities in TeamCity: everything you need to know
Detect and mitigate CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), authentication bypass vulnerabilities in JetBrains TeamCity.