Introducing Wiz ASM: Context-Driven Attack Surface Management
Wiz launches Attack Surface Scanner to bring context, ownership, and prioritization to every exposure, anywhere.
Gal Nagli
Gal Nagli の投稿
Wiz Research Discovers One in Five Organizations Exposed to Systemic Risks in Vibe-Coded Applications - Here's How to Secure Them
New research reveals four common security risks systematically affecting vibe-coded applications - with remediation strategies curated together with Lovable.
Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications
New discovery underscores security implications of AI-powered development and the rise of Vibe Coding Platforms
Securing Cloud Databases: Best Practices with ClickHouse and Wiz
How to protect sensitive data in cloud-hosted databases with built-in security controls, best practices, and continuous risk monitoring.
GitHub Action tj-actions/changed-files supply chain attack: everything you need to know
A supply chain attack on popular GitHub Action tj-actions/changed-files caused many repositories to leak their secrets. Discover how it unfolded and the steps to mitigate the risk.
Wiz ResearchがDeepSeekの公開データベースを発見、チャット履歴を含む機密情報が流出
DeepSeekが所有する公開アクセス可能なデータベースにより、データベース操作を完全に制御できる状態になっており、内部データへのアクセスも可能でした。この漏えいには、100万行以上のログストリームが含まれており、極めて機密性の高い情報が含まれています。
Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)
The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability, that can lead to privileges escalation in the AWS control plane. Organizations should patch urgently.
Supply chain attack on lottie-player: everything you need to know
Supply chain attack in popular lottie-player library compromises websites with malicious Web3 wallet prompts – update or revert the library to avoid the compromised versions.