A 13‑year‑old Redis flaw (CVE‑2025‑49844) allows attackers to escape the Lua sandbox and run code on hosts. See Wiz Research’s analysis and mitigations.| wiz.io
Wiz helps simplify incident response in the cloud for faster investigation of security incidents.| wiz.io
NamespaceHound is an open-source tool that detects potentially risky namespace crossing violations and anonymous access opportunities in multi-tenant clusters.| wiz.io
Who is responsible for doing what when a new cloud vulnerability is disclosed? Right now, it can be hard to know.| wiz.io
This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers.| wiz.io
Securing the future of cloud and AI| wiz.io
Wiz has become the fastest-growing software company ever, scaling from $1M to $100M ARR in only 18 months.| wiz.io
Wiz assists Incident Response and SOC teams by identifying possible root causes and calculating the potential blast radius of compromised resources.| wiz.io
Build resilient GitHub Actions workflows with insights from real attacks, missteps to avoid, and security tips GitHub’s docs don’t fully cover.| wiz.io
In this first blog post, we will introduce lateral movement as it pertains to the VPC. We will discuss attacker TTPs, and outline best practices for security practitioners and cloud builders to help secure their cloud environment and reduce risk.| wiz.io
A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.| wiz.io
Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, 1098, 24514, 1974) in Ingress NGINX for Kubernetes allowing cluster-wide secret access.| wiz.io
A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.| wiz.io
Agentless visibility and risk assessment paired with Wiz Runtime Sensor real-time detection for the best of both worlds| wiz.io
Learn what tools and data sources you need to use in a cloud forensics investigation and how they come into practice in a real-life example.| wiz.io
Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token| wiz.io
Wiz pushes for consolidation, bolstering Cloud Detection and Response capabilities, and delivering on the promise of security operations for the cloud era.| wiz.io
Wiz Research uncovers vulnerabilities in SAP AI Core, allowing malicious actors to take over the service and access customer data.| wiz.io
Wiz Research recently found 4 critical vulnerabilities in OMI, which is one of Azure's most ubiquitous yet least known software agents and is deployed on a large portion of Linux VMs in Azure.| wiz.io
Wiz researchers find architecture risks that may compromise AI-as-a-Service providers and risk customer data; works with Hugging Face on mitigations.| wiz.io
In this third blog post, we will discuss lateral movement risks from the cloud to Kubernetes. We will explain attacker TTPs, and outline best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.| wiz.io