Introducing the Wiz Red Agent- AI-Powered Attacker
Red Agent is an AI-powered, context-aware attacker that uncovers complex exploitable risks across your entire attack surface, continuously and at scale.
Danielle Aminov
Danielle Aminov is a threat researcher at Wiz, specializing in network-based threats, external attack-surface management, and threat intelligence. Backed by a B.S. in Computer Science and more than six years of offensive-security experience - spanning red-team operations and penetration testing - she now designs proactive detection strategies that help large cloud environments map their external exposure and rapidly defend against emerging attack vectors.
Danielle Aminov 게시물
React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability
Detect and mitigate React2Shell (CVE-2025-55182), critical RCE vulnerability in React and Next.js exploited in the wild. Organizations should patch urgently.
Defending against database ransomware attacks
How attackers exploit exposed databases for extortion—and the defenses that work.
Beyond CVEs: The Exploitation of Everyday Misconfigurations
Exploring how simple setup flaws become open doors for attackers—and what teams can do to shut them.
Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond
A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the ~2-hour exposure with Wiz telemetry (~99% package prevalence, ~10% malware presence), and unpacking what made it spread so fast.
DevOps Tools Targeted for Cryptojacking
The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul.
Under the Radar: Exploring Spring Boot Actuator Misconfigurations
Wiz Threat Research investigates misconfigurations in Spring Boot Actuator’s endpoints that can leak environment variables, passwords, and API keys, and even lead to remote code execution.
Supply chain attack on lottie-player: everything you need to know
Supply chain attack in popular lottie-player library compromises websites with malicious Web3 wallet prompts – update or revert the library to avoid the compromised versions.
RCE vulnerability in OpenSSH: everything you need to know
Detect and mitigate CVE-2024-6387, a remote code execution vulnerability in OpenSSH. Organizations are advised to patch urgently.
Backdoor in XZ Utils allows RCE: everything you need to know
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgently.