Featured
The Year in Wiz Research: 2025 Most Read Blogs
A look back at the cloud security investigations and vulnerabilities that defined the year, from AI breakthroughs to supply chain shifts.
블로그
AI Agents vs Humans: Who Wins at Web Hacking in 2026?
Wiz Research teamed up with Irregular, a frontier AI security lab, to settle this once and for all.
Introducing the WIN Partner Index: The Integrations That Powered Modern Cloud Security in 2025
A data-driven industry benchmark showing how integrations are adopted, gain traction, and deliver value across modern cloud security programs.
AI-Powered Forensics, at Cloud Speed
Reviewing Wiz’s approach to forensics in the cloud era, and announcing the public preview of AI-powered, context-aware forensics capabilities
Introducing SITF: The First Threat Framework Dedicated to SDLC Infrastructure
Moving beyond simple checklists to visualize, map, and block attacks on production SDLC infrastructure.
WizExtend is Here: AI and Cloud Security Insights in Your Daily Workflow
Get risk insights and take remediation actions right from your in-browser CSP portal, VCS console, or as you’re reading up on the latest threat research
From Detection to Remediation: Wiz in Your JetBrains IDE
The Wiz JetBrains IDE plugin is now generally available, enabling developers to fix risks before code leaves their local environment.
Agentic Browser Security: 2025 Year-End Review
Are agentic browsers the new Flash? A 2025 review of new attacks, vendor security layers, and a roadmap for navigating AI browser risks.
CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild
Wiz Research discovered a critical supply chain vulnerability that abused a CodeBuild misconfiguration to take over key AWS GitHub repositories - including the JavaScript SDK powering the AWS Console.
A 90-Day Action Plan to Turn Resolutions into Results with Wiz
Whether you’re new to Wiz or early in your cloud security journey, start the year strong by turning cloud security resolutions into real impact in your first 90 days with Wiz.
Introducing the Wiz Partner Alliance: A New Chapter for Partner Success
Building the future of cloud security, together.
Preparing for Post-Quantum Cryptography
Learn what you can do today to prepare for Q-Day
Wiz Recognized as a 2025 Customers’ Choice in the Gartner® Peer Insights™ Voice of the Customer for CNAPP
Wiz is proud to be the only vendor recognized as a Customers’ Choice for two consecutive years.
Expanding the Zero Critical Club to set a new standard for AppSec and SecOps teams
We are introducing Zero Code Criticals and Zero Time to Respond clubs to give every team a clear north star for secure development and rapid response
Snipping the Long Tail of Shai-Hulud 2.0
Wiz Research reveals the data behind Shai-Hulud's 2.0 long tail, the massive gap in cloud credential rotation, a potential link to the Trust Wallet incident, and how we finally "snipped the tail" on a month of ongoing infections.
Protecting Against Zero-Day Vulnerabilities with SOC-Level ASM Alert
Outpacing React2Shell using pre-breach alerts from Wiz ASM to eliminate exploitable risk before attackers find them
MongoBleed (CVE-2025-14847) exploited in the wild: everything you need to know
Detect and mitigate CVE-2025-14847, an unauthenticated information leak vulnerability in MongoDB. Exploitation has been observed in the wild. Organizations should patch urgently.
The Kenna Transition: Your Strategic Shift to Exposure Management
How the Kenna sunset is giving security leaders the opportunity to outgrow vulnerability silos and adopt a unified exposure management model.
From MCP to Vibe Coding: Full Endpoint Visibility in Wiz AI Security
How Wiz AI-SPM delivers a complete view of exposed AI application endpoints — from Vibe Coding to MCP — and why that visibility matters.
Bringing Oracle Cloud Identity to Wiz
Unified visibility into OCI identities, permissions, and policies — mapped into Wiz’s Security Graph.
Zero‑Days in the Age of AI: Behind the Scenes of ZeroDay.cloud 2025, with a Record High of CVEs in Critical Cloud Infra
ZDC awarded hackers $320,000 and uncovered a record‑breaking tally of critical CVEs for core cloud infrastructure, underscoring the scale and urgency of securing the open‑source software that underpins the modern cloud.
Gogs 0-Day Exploited in the Wild
Wiz Threat Research has observed exploitation in-the-wild of CVE-2025-8110
Code to Cloud Attacks: From Github PAT to Cloud Control Plane
How attackers are leveraging compromised employee GitHub Personal Access Tokens to compromise cloud environments.
Top AWS re:Invent Announcements for Security Teams in 2025
The re:Invent announcements that are most impactful to security teams.
React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182
We break down the exploit mechanics and detail active in-the-wild attacks observed by our team, from credential harvesting to sophisticated cloud backdoors.