Secure everything you build and run in the cloud
Twitter: https://twitter.com/wiz_io
Website: https://www.wiz.io
Blog: https://www.wiz.io/blog
LinkedIn: https://www.linkedin.com/company/wizsecurity

🚨 500+ malicious PRs. One campaign.

Wiz Research traced 6 waves of prt-scan starting 3 weeks earlier.
AI-powered, automated attacks exploiting pull_request_target.

Low success rate—but real npm + cloud creds hit.

Full story: https://www.wiz.io/blog/six-accounts-one-actor-inside-the-prt-scan-supply-chain-campaign

prt-scan: AI-Powered GitHub Actions Supply Chain Attack | Wiz Blog

Wiz Research traces six waves of pull_request_target exploitation to one actor, starting three weeks before public disclosure. 500+ malicious PRs, 10% success.


NEW CTF: AWS turned 20 🎉

So we built our monthly CTF challenge to celebrate: packed with challenges inspired by the last two decades of cloud ☁️

Oh, and… we made sure AI can't solve it 😅
So no prompts this time.

Ready to play?
https://www.cloudsecuritychampionship.com/

🎉 IT'S OFFICIAL: Wiz joins Google to secure the AI era.

This is a massive moment for our customers and our team.

AI is changing how software is built - and security has to move just as fast. Joining forces with Google allows us to accelerate our mission at AI speed, while staying true to what makes Wiz… Wiz: a multi-cloud platform built to enable innovation.

Thank you to every customer, partner, and Wizard who made this moment possible 💙

We can't wait to share what's next.

http://wiz.io/blog/google-closes-deal-to-acquire-wiz

🚨 New CTF Alert: Got trust issues?

Ever wondered what it's like to investigate a real data leak? Now's your chance.

🕵️ Your mission:
1) Investigate the compromised machine
2) Figure out how the attacker exfiltrated the data
3) Find the flag

🔗 Start here: https://cloudsecuritychampionship.com/

The Ultimate Cloud Security Championship | 12 Months × 12 Challenges

Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.

How good is AI at hacking? We built a benchmark to find out. 🧪
Introducing the Offensive AI Benchmark, the framework that tests AI agents on 250+ real-world offensive security challenges.

Check it out → https://www.wiz.io/cyber-model-arena

🚨 CodeBreach: Wiz Research identified a critical repository-hijacking vulnerability that abused a CodeBuild Regex flaw to compromise core AWS GitHub repos, including a core lib running at the heart of the cloud's most critical interface - the #AWS Console.

Patched fast by AWS. A tiny regex, huge impact.
https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild

🧠 Just in time for a new year, a NEW CTF drop!

Think you know Terraform inside out? State of Affairs (challenge 7) might change your mind...

This challenge reveals an overlooked #Terraform risk and demonstrates that IaC tools are integral to your supply chain.

https://www.cloudsecuritychampionship.com/challenge/7

Day 2 at zeroday.cloud, let's roll. 👾

👀 Didn't register? No panic.

Walk-ins are welcome for the onsite CTF and all the action happening on the floor.

Flags are hidden. Only the sharp survive.

Day 1 of zeroday.cloud = PURE EXPLOIT ENERGY 👾

From crowd shots 👀 to researchers buried deep in terminals 💻
From first checks being claimed
To live container escapes blowing minds in real time.

See you tomorrow!

Day 1 at zeroday.cloud didn't come to play 😈

New vulns dropped in Grafana, Linux Kernel, 3 Redis, and 2 PostgreSQL - and every. single. one. worked 🤯

100% success rate for day one.

Let's see what we find tomorrow 👀