#Security

Twenty Years of Cloud Security Research

marzo 13, 2026

This post will look at the past 20 years of cloud security research, separating the two decades into eras with important milestones defined that resulted in the change of one era to the next.

The Year in Wiz Research: 2025 Most Read Blogs

Wiz Threat Research

gennaio 30, 2026

A look back at the cloud security investigations and vulnerabilities that defined the year, from AI breakthroughs to supply chain shifts.

Snipping the Long Tail of Shai-Hulud 2.0

Rami McCarthy

dicembre 30, 2025

Wiz Research reveals the data behind Shai-Hulud's 2.0 long tail, the massive gap in cloud credential rotation, a potential link to the Trust Wallet incident, and how we finally "snipped the tail" on a month of ongoing infections.

MongoBleed (CVE-2025-14847) exploited in the wild: everything you need to know

Merav Bar, Amitai Cohen, Yaara Shriki, Gili Tikochinski

dicembre 28, 2025

Detect and mitigate CVE-2025-14847, an unauthenticated information leak vulnerability in MongoDB. Exploitation has been observed in the wild. Organizations should patch urgently.

Bringing Oracle Cloud Identity to Wiz

Snegha Ramnarayanan, Shani Gafni, Omer Mesika

dicembre 22, 2025

Unified visibility into OCI identities, permissions, and policies — mapped into Wiz’s Security Graph.

Top AWS re:Invent Announcements for Security Teams in 2025

Scott Piper

dicembre 8, 2025

The re:Invent announcements that are most impactful to security teams.

React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability

Gili Tikochinski, Merav Bar, Danielle Aminov

dicembre 3, 2025

Detect and mitigate React2Shell (CVE-2025-55182), critical RCE vulnerability in React and Next.js exploited in the wild. Organizations should patch urgently.

Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact

Shay Berkovich, Rami McCarthy

dicembre 1, 2025

A deeper look at the Shai-Hulud 2.0 supply chain attack: reviewing the infection spread, victimology, leaked secrets distribution, and community response so far.

3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID Logs

Sapir Federovsky

novembre 27, 2025

How OAuth tokens, JWT fields and Entra sign-in logs reveal attacker behavior, and how to turn those signals into reliable detections.

Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets

Hila Ramati, Merav Bar, Gal Benmocha, Gili Tikochinski

novembre 24, 2025

Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users.

When AI Becomes the Heart of Security: Powering a Future You Can Trust

Wiz Team

novembre 4, 2025

Helping teams see clearly, decide wisely, and move safely.

Securing Critical Infrastructure in the Cloud Era: A Policy and Technology Blueprint

Jennifer Thibodeau

ottobre 30, 2025

Why Securing Critical Infrastructure Requires a Modern Approach