Agentic Browser Security: 2025 Year-End Review
Are agentic browsers the new Flash? A 2025 review of new attacks, vendor security layers, and a roadmap for navigating AI browser risks.
Rami McCarthy
Rami aspires to work on Security, for the Internet, at Wiz
Rami McCarthy の投稿
Snipping the Long Tail of Shai-Hulud 2.0
Wiz Research reveals the data behind Shai-Hulud's 2.0 long tail, the massive gap in cloud credential rotation, a potential link to the Trust Wallet incident, and how we finally "snipped the tail" on a month of ongoing infections.
Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact
A deeper look at the Shai-Hulud 2.0 supply chain attack: reviewing the infection spread, victimology, leaked secrets distribution, and community response so far.
Exposure Report: 65% of Leading AI Companies Found with Verified Secret Leaks
How secure are top private AI companies? Find out from our scans and disclosures.
Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces
Wiz Research has uncovered 550+ secrets hiding in plain sight. We worked with Microsoft to shut the door.
Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware
Detect and mitigate a critical supply chain compromise affecting over 100+ packages, organizations should act urgently.
s1ngularity's Aftermath: AI, TTPs, and Impact in the Nx Supply Chain Attack
A deeper look at the Nx supply chain attack: analyzing the performance of AI-powered malware, calculating incident impact, and sharing novel TTPs for further investigation.
s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know
Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently.
Leaking Secrets in the Age of AI
How has AI-assisted development impacted secrets leakage? Learn the new patterns and emerging trends.
Rules Files for Safer Vibe Coding
Helping LLMs generate safer and more secure code through open-sourced rules files.
How to Harden GitHub Actions: The Unofficial Guide
Build resilient GitHub Actions workflows with lessons from recent attacks.
Research Briefing: MCP Security
The present and future of security for the Model Context Protocol.
How to use the new CloudTrail network activity events for AWS VPC Endpoints
Learn how AWS VPC Endpoint CloudTrail logs can help you troubleshoot endpoint policies and strengthen your network's security against data exfiltration.
新たなGitHub Actionのサプライチェーン攻撃: reviewdog/action-setup
tj-actions/changed-files に対するサプライチェーン攻撃により、多くのリポジトリが週末に機密情報を漏えいしました。Wiz Research は、reviewdog/actions-setup@v1 に対する追加のサプライチェーン攻撃を発見しており、これが tj-actions/changed-files の侵害に寄与した可能性があります。