Wiz io
@wizsecurity.bsky.social
Secure everything you build and run in the cloud
Pinned
🚨 We found a critical vulnerability in the popular Vibe Coding Platform Base44: No password. No invite. Full access.
🚨 CRITICAL: MongoBleed (CVE-2025-14847). MongoDB bug leaks in-memory data pre-auth and is exploited in the wild. 42% of clouds vulnerable, ~87K exposed. Atlas patched. Self-hosted: patch now or disable zlib.

www.wiz.io/blog/mongobl...
MongoBleed (CVE-2025-14847) exploited in the wild | Wiz Blog
Detect and mitigate CVE-2025-14847, an unauthenticated information leak vulnerability in MongoDB. Exploitation has been observed in the wild.
December 28, 2025 at 12:29 PM
Day 2 at zeroday.cloud, let’s roll. 👾

👀 Didn’t register? No panic.

Walk-ins are welcome for the onsite CTF and all the action happening on the floor.

Flags are hidden. Only the sharp survive.
December 11, 2025 at 12:19 PM
Day 1 of zeroday.cloud = PURE EXPLOIT ENERGY 👾

From crowd shots 👀 to researchers buried deep in terminals 💻
From first checks being claimed
To live container escapes blowing minds in real time.

See you tomorrow!
December 11, 2025 at 10:01 AM
Day 1 at zeroday.cloud didn’t come to play 😈

New vulns dropped in Grafana, Linux Kernel, 3 Redis, and 2 PostgreSQL - and every. single. one. worked 🤯

100% success rate for day one.

Let’s see what we find tomorrow 👀
December 11, 2025 at 9:37 AM
Zeroday.cloud 2025 kicks off TOMORROW! 💻

London, brace yourself -
IDEs open. Exploits cooking.

13 zero-days are on the line 💣
Don't miss it. Here's the schedule ahead ⬎
December 9, 2025 at 2:57 PM
🎧 Your age after React2Shell... 𝟴𝟴.
Cloud Security Wrapped 2025 is HERE ↓

Check out our exclusive insights from our Wiz Research team!
Spotify, are we doing it right? 🎵
December 9, 2025 at 1:30 PM
🚨 React2Shell (CVE‑2025‑55182) in‑the‑wild exploitation & deep‑dive analysis. Critical RCE across React 19, Next.js & all RSC frameworks. Patch now.
www.wiz.io/blog/nextjs-...
December 8, 2025 at 5:25 PM
🎉 This is not a dream 💤 OUR WizZZZ BOOTH IS NOW OPEN.

Behold the ULTIMATE cloud security booth!

Games, demos, swag, naps… and the coziest cloud security playground in history 🛏️

Come see why CISOs are finally sleeping through the night 😴
December 2, 2025 at 2:00 AM
It’s time to bust some malware! 🦠

Challenge #6 “Malware Busters” is LIVE.
Built by Gili Tikochinski for the reverse‑engineering pros - dive into assembly and uncover what’s hidden inside.
Think you can crack it?

cloudsecuritychampionship.com/challenge/6
The Ultimate Cloud Security Championship | 12 Months × 12 Challenges
Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.
November 27, 2025 at 1:49 PM
🚨 New Shai-Hulud-style npm attack hitting 25k+ repos and growing fast.
Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection + mitigation.
Details: www.wiz.io/blog/shai-hu...
Shai-Hulud 2.0: Ongoing Supply Chain Attack | Wiz Blog
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users.
November 24, 2025 at 12:12 PM
🤖 65% of Forbes AI 50 companies leaked secrets on GitHub. Shay from our research team revealed how AI speed without security = leaks waiting to happen.
Full Wiz Research report 👉 www.wiz.io/blog/forbes-...
65% of Startups from Forbes AI 50 Leaked Secrets on GitHub | Wiz Blog
A Wiz investigation into the Forbes AI 50 reveals 65% of leading AI startups had leaked secrets. See real examples, leak types, and how to prevent this.
November 10, 2025 at 2:57 PM
New CTF challenge ($20,000 IN PRIZES) 💥

We're running "Operation Cloudfall" - a live CTF during BlackHat & zeroday.cloud on December 10-11.

Get your free pass to the event today: zeroday.cloud/operation-cloudfall
See you in London 🇬🇧
November 6, 2025 at 5:55 PM
🕹️ Meet Path-Man: Your new favorite game. 👾👾👾

Our 1-minute Wiz ASM game has arrived!

🤔 Here's the challenge: Navigate the attack surface to reach exploitable risk before the attackers get you.

Think you've got the skills? wiz.io/path-man
Path-Man | Wiz
Find exploitable exposures before hackers do
November 5, 2025 at 1:15 PM
🎃 Something spooky's brewing in the cloud...

Introducing a new CTF challenge - "Game of Pods" 🕸️

💀 Written by top Azure researcher & worth 30 points, it's our BIGGEST challenge yet!

Get your skills ready for zeroday.cloud: cloudsecuritychampionship.com
October 27, 2025 at 1:41 PM
Need a partner to finish that exploit chain for ZERODAY.CLOUD?

We just launched our Research Collaboration Center at zeroday.cloud/collab to connect researchers, combine skills, and meet the deadline. 🤝

The clock is ticking... ⏱️
October 23, 2025 at 4:00 PM
Our biggest reminder yet. ZERODAY.CLOUD.

A first-of-its-kind, open-source cloud hacking competition.

Find vulnerabilities in the critical open-source software that powers the cloud, and compete for your share of a $4.5M prize pool.

➡️ www.zeroday.cloud
October 16, 2025 at 5:24 PM
🎁 We're giving away 2,000 SHIFT LEFT keyboards ↓

Want one on your desk?
Fill out the form >> redeem.reachdesk.com/lp/wiz/shift...

That's it! The keyboard is on its way 📦

Why are we doing this? 👀
A secret game is coming… and the whole world is invited.
October 16, 2025 at 4:50 PM
🚨 Wiz Research uncovered 100+ leaked VSCode publisher tokens that could let attackers push malicious updates to 185K+ installs. We partnered with Microsoft to secure tokens and protect the ecosystem.
Supply Chain Risk in VSCode Extension Marketplaces | Wiz Blog
Wiz Research uncovered 500+ leaked secrets in VSCode and Open VSX extensions, exposing 150K installs to risk. Learn what happened and how it was fixed.
October 15, 2025 at 2:34 PM
🤖 We're witnessing something unprecedented with AI agents:
Malware that literally prompts ChatGPT, Claude, and other LLMs to write its own attack code. Live. On victim machines.
Emerging Threat: AI-Powered Malware Attacks | Wiz Blog
From LameHug to s1ngularity, attackers are invoking AI directly in malware payloads.
October 9, 2025 at 2:32 PM
Introducing ZERODAY.CLOUD🕵️‍♀️
Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝

WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆

Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud
September 30, 2025 at 5:39 PM
@fortune.com JUST DROPPED A FEATURE ON Wiz 🔥

If you've been following the Wiz story, this one's for you.

HUGE shoutout to everyone who made this story worth telling. You helped build something Fortune couldn't ignore 💙

fortune.com/article/wiz-...
September 30, 2025 at 2:58 PM
🚨 #Shai-Hulud: Major npm supply chain attack.

100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm.

Guidance + detections inside

www.wiz.io/blog/shai-hu...
September 16, 2025 at 2:20 PM
🚨 Major npm hijack: Attackers took over Qix's account (chalk, debug & more). Malicious versions briefly hit npm, injecting browser code to hijack crypto transactions.
DuckDB ecosystem is also affected.
September 9, 2025 at 12:26 PM
Meet WizOS 💥 Public Preview! Secure, minimal container images with near-zero CVEs. Less patching, more speed, swap images right in your CI/CD & IDEs.
www.wiz.io/blog/wizos-t...
WizOS Is Here: Container Security from the Image Up | Wiz Blog
WizOS is now in public preview: minimal, secured container images built by Wiz with near-zero CVEs. Join now to access the Secured Image Catalog.
September 9, 2025 at 11:07 AM
🚨 One leaked #AWS key fueled a global phishing campaign. Wiz traced the attack, stopped it with Defend alerts, and added protections so one key never opens every door.

Full story 👉 www.wiz.io/blog/wiz-dis...
Wiz Uncovers SES Abuse Campaign Using Stolen AWS Access Keys | Wiz Blog
From leaked AWS access keys to large-scale spam: Wiz Research uncovered a live Amazon SES abuse campaign, turning insights into early-warning detections.
September 8, 2025 at 12:13 PM