The secret's out.🤫
Introducing THE ZERODAY.CLOUD COMMUNITY 👾
Inside:
• 0-day vulnerability deep dives from Xint, Moritz Sanft, Paul Gerste & more...
• Access to events & a network of world-class hackers
• CTFs with prizes
Join now :)

| Twitter | https://twitter.com/wiz_io |
| Website | https://www.wiz.io |
| Blog | https://www.wiz.io/blog |
| LinkedIn | https://www.linkedin.com/company/wizsecurity |
🚨 BREAKING: Wiz Research discovered Remote Code Execution on GitHub.com with a single git push.
Wiz Researchers uncovered a critical flaw in GitHub that could be exploited for RCE. The flaw allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯
We responsibly disclosed the issue to GitHub, who deployed a fix on GitHub.com the same day (!) and released patches for all supported GHES versions.
GitHub Enterprise Server customers are strongly encouraged to update immediately.
Huge kudos to GitHub for addressing the issue 👏
Full technical breakdown here → https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
🚨 500+ malicious PRs. One campaign.
Wiz Research traced 6 waves of prt-scan starting 3 weeks earlier.
AI-powered, automated attacks exploiting pull_request_target.
Low success rate—but real npm + cloud creds hit.
Full story: https://www.wiz.io/blog/six-accounts-one-actor-inside-the-prt-scan-supply-chain-campaign
NEW CTF: AWS turned 20 🎉
So we built our monthly CTF challenge to celebrate: packed with challenges inspired by the last two decades of cloud ☁️
Oh, and… we made sure AI can't solve it 😅
So no prompts this time.
Ready to play?
https://www.cloudsecuritychampionship.com/
🎉 IT'S OFFICIAL: Wiz joins Google to secure the AI era.
This is a massive moment for our customers and our team.
AI is changing how software is built - and security has to move just as fast. Joining forces with Google allows us to accelerate our mission at AI speed, while staying true to what makes Wiz… Wiz: a multi-cloud platform built to enable innovation.
Thank you to every customer, partner, and Wizard who made this moment possible 💙
We can't wait to share what's next.
🚨 New CTF Alert: Got trust issues?
Ever wondered what it's like to investigate a real data leak? Now's your chance.
🕵️ Your mission:
1) Investigate the compromised machine
2) Figure out how the attacker exfiltrated the data
3) Find the flag
🔗 Start here: https://cloudsecuritychampionship.com/
How good is AI at hacking? We built a benchmark to find out. 🧪
Introducing the Offensive AI Benchmark, the framework that tests AI agents on 250+ real-world offensive security challenges.
Check it out → https://www.wiz.io/cyber-model-arena
🚨 CodeBreach: Wiz Research identified a critical repository-hijacking vulnerability that abused a CodeBuild Regex flaw to compromise core AWS GitHub repos, including a core lib running at the heart of the cloud's most critical interface - the #AWS Console.
Patched fast by AWS. A tiny regex, huge impact.
https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild
🧠 Just in time for a new year, a NEW CTF drop!
Think you know Terraform inside out? State of Affairs (challenge 7) might change your mind...
This challenge reveals an overlooked #Terraform risk and demonstrates that IaC tools are integral to your supply chain.
Day 2 at zeroday.cloud, let’s roll. 👾
👀 Didn’t register? No panic.
Walk-ins are welcome for the onsite CTF and all the action happening on the floor.
Flags are hidden. Only the sharp survive.