🚨 500+ malicious PRs. One campaign.
Wiz Research traced 6 waves of prt-scan starting 3 weeks earlier.
AI-powered, automated attacks exploiting pull_request_target.
Low success rate—but real npm + cloud creds hit.
Full story: www.wiz.io/blog/six-acc...
Posts by Wiz io
NEW CTF: AWS turned 20 🎉
So we built our monthly CTF challenge to celebrate: packed with challenges inspired by the last two decades of cloud ☁️
Oh, and… we made sure AI can't solve it 😅
So no prompts this time.
Ready to play?
www.cloudsecuritychampionship.com
🎉 IT'S OFFICIAL: wiz joins Google to secure the AI era.
This is a massive moment for our customers and our team.
Thank you to every customer, partner, and Wizard who made this moment possible 💙
We can't wait to share what's next.
wiz.io/blog/google-...
🚨 New CTF Alert: Got trust issues?
Ever wondered what it's like to investigate a real data leak? Now's your chance.
🕵️ Your mission:
1) Investigate the compromised machine
2) Figure out how the attacker exfiltrated the data
3) Find the flag
🔗 Start here: cloudsecuritychampionship.com
How good is AI at hacking? We built a benchmark to find out. 🧪
Introducing the Offensive AI Benchmark, the framework that tests AI agents on 250+ real-world offensive security challenges.
Check it out →
www.wiz.io/cyber-model-...
🚨 CodeBreach: Wiz Research identified a critical repository-hijacking vulnerability that abused a CodeBuild Regex flaw to compromise core AWS GitHub repos, including a core lib running at the heart of the cloud's most critical interface - the #AWS Console.
🧠 Just in time for a new year, a NEW CTF drop!
Think you know Terraform inside out? State of Affairs (challenge 7) might change your mind...
This challenge uncovers an overlooked #Terraform risk and proves IaC tools are part of your supply chain.
www.cloudsecuritychampionship.com/challenge/7
🚨 CRITICAL: MongoBleed (CVE-2025-14847). MongoDB bug leaks in-memory data pre-auth and is exploited in the wild. 42% of clouds vulnerable, ~87K exposed. Atlas patched. Self-hosted: patch now or disable zlib.
www.wiz.io/blog/mongobl...
Day 2 at zeroday.cloud, let’s roll. 👾
👀 Didn’t register? No panic.
Walk-ins are welcome for the onsite CTF and all the action happening on the floor.
Flags are hidden. Only the sharp survive.
Day 1 of zeroday.cloud = PURE EXPLOIT ENERGY 👾
From crowd shots 👀 to researchers buried deep in terminals 💻
From first checks being claimed
To live container escapes blowing minds in real time.
See you tomorrow!
Day 1 at zeroday.cloud didn’t come to play 😈
New vulns dropped in Grafana, Linux Kernel, 3 Redis, and 2 PostgreSQL - and every. single. one. worked 🤯
100% success rate for day one.
Let’s see what we find tomorrow 👀
Zeroday.cloud 2025 kicks off TOMORROW! 💻
London, brace yourself -
IDEs open. Exploits cooking.
13 zero-days are on the line 💣
Don't miss it. Here's the schedule ahead ⬎
🎧 Your age after React2Shell... 𝟴𝟴.
Cloud Security Wrapped 2025 is HERE ↓
Check out our exclusive insights from our Wiz Research team!
Spotify, are we doing it right? 🎵
🚨 React2Shell (CVE‑2025‑55182) in‑the‑wild exploitation & deep‑dive analysis. Critical RCE across React 19, Next.js & all RSC frameworks. Patch now.
www.wiz.io/blog/nextjs-...
🎉 This is not a dream 💤 OUR WizZZZ BOOTH IS NOW OPEN.
Behold the ULTIMATE cloud security booth!
Games, demos, swag, naps… and the coziest cloud security playground in history 🛏️
Come see why CISOs are finally sleeping through the night 😴
It’s time to bust some malware! 🦠
Challenge #6 “Malware Busters” is LIVE.
Built by Gili Tikochinski for the reverse‑engineering pros - dive into assembly and uncover what’s hidden inside.
Think you can crack it?
cloudsecuritychampionship.com/challenge/6
🚨 New Shai-Hulud-style npm attack hitting 25k+ repos and growing fast.
Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection + mitigation.
Details: www.wiz.io/blog/shai-hu...
🤖 65% of Forbes AI 50 companies leaked secrets on GitHub. Shay from our research team revealed how AI speed without security = leaks waiting to happen.
Full Wiz Research report 👉 www.wiz.io/blog/forbes-...
New CTF challenge ($20,000 IN PRIZES) 💥
We're running "Operation Cloudfall" - a live CTF during BlackHat & zeroday.cloud on December 10-11.
Get your free pass to the event today: zeroday.cloud/operation-cloudfall
See you in London 🇬🇧
🕹️ Meet Path-Man: Your new favorite game. 👾👾👾
Our 1-minute Wiz ASM game has arrived!
🤔 Here's the challenge: Navigate the attack surface to reach exploitable risk before the attackers get you.
Think you've got the skills? wiz.io/path-man
🎃 Something spooky's brewing in the cloud...
Introducing a new CTF challenge - "Game of Pods" 🕸️
💀 Written by top Azure researcher & worth 30 points, it's our BIGGEST challenge yet!
Get your skills ready for zeroday.cloud: cloudsecuritychampionship.com
Need a partner to finish that exploit chain for ZERODAY.CLOUD?
We just launched our Research Collaboration Center at zeroday.cloud/collab to connect researchers, combine skills, and meet the deadline. 🤝
The clock is ticking... ⏱️
Our biggest reminder yet. ZERODAY.CLOUD.
A first-of-its-kind, open-source cloud hacking competition.
Find vulnerabilities in the critical open-source software that powers the cloud, and compete for your share of a $4.5M prize pool.
➡️ www.zeroday.cloud
🎁 We're giving away 2,000 SHIFT LEFT keyboards ↓
Want one on your desk?
Fill out the form >> redeem.reachdesk.com/lp/wiz/shift...
That's it! The keyboard is on its way 📦
Why are we doing this? 👀
A secret game is coming… and the whole world is invited.
🚨 Wiz Research uncovered 100+ leaked VSCode publisher tokens that could let attackers push malicious updates to 185K+ installs. We partnered with Microsoft to secure tokens and protect the ecosystem.
@scottpiper.bsky.social highlights an emerging trend of attackers incorporating AI into their payloads, providing recent examples, and discussing the implications of this trend.
Full analysis: www.wiz.io/blog/the-eme...
🤖 We're witnessing something unprecedented with AI agents:
Malware that literally prompts ChatGPT, Claude, and other LLMs to write its own attack code. Live. On victim machines.
Introducing ZERODAY.CLOUD 🕵️‍♀️
Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝
WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆
Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud
@fortune.com JUST DROPPED A FEATURE ON Wiz 🔥
If you've been following the Wiz story, this one's for you.
HUGE shoutout to everyone who made this story worth telling. You helped build something Fortune couldn't ignore 💙
fortune.com/article/wiz-...