Featured
The Jenkins Threat Landscape
What usage patterns, plugin adoption, and configuration choices reveal about the Jenkins attack surface.
Blog
Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-Wild
Detect and mitigate CVE-2026-0300, a critical vulnerability in Palo Alto Networks PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to achieve remote code execution (RCE) with root privileges.
Introducing Penetration Test Findings: Unified Offensive Security in Wiz
Streamline pen-testing by unifying findings from bug bounties, manual audits, and Wiz Red Agent into a single, context-rich view.
Practical Package Security: The Unofficial Guide
Get actionable best practices to shrink your attack surface, protect execution environments, control package ingestion, and catch compromises early.
From Foundation to Force: Your Guide to Operationalizing Wiz at Scale
Following your foundation, operationalize Wiz across development, detection and response, and program maturity so your security program never stops getting stronger.
Meet Wiz for M365: Bringing SaaS into the Security Graph
Secure Microsoft 365 and the cloud it powers — one platform, one graph, complete context.
Copy Fail: Universal Linux Local Privilege Escalation Vulnerability
Detect and mitigate Copy Fail (CVE-2026-31431), an easily exploitable vulnerability in the Linux kernel that allows escalation from an unprivileged local user account to root access.
Red Agent and Claude Opus: Securing Production Targets at Scale
Delivering enterprise-grade continuous AI-powered risk assessment to hundreds of customers through the combined power of Wiz and Anthropic
The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2)
When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it.
Key Takeaways from the 2026 State of AI in the Cloud Report
How AI Adoption, Autonomy, and Attacker Innovation Are Reshaping Cloud Security
Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign - Mini Shai Hulud.
Wiz Code Week Recap: Securing AI Native Development
Providing Application Security teams with visibility and guardrails to secure agentic software development and the modern software supply chain
Modern Defensible Architecture: Resilience for the Australian Federal Government
How Wiz enables Australian government agencies to operationalise MDA with real-time context, zero trust enforcement, and end-to-end cloud visibility.
Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)
Details on CVE-2026-3854: A critical flaw in GitHub’s internal git infrastructure enabling RCE on GitHub.com and GitHub Enterprise Server.
NIST NVD Update: What it Means For Vulnerability Management
The shift from static CVE scoring to risk-based prioritization signals a new era for Vulnerability Managers
Wiz at Google Next: Machine-Speed Defense for Any Cloud, Any Platform, Any AI
Announcing new capabilities at Google Cloud Next that extend and deepen Wiz AI-APP coverage: From the first line of AI-generated code, across AI and agent studios, to the edge of the cloud
Closing the Security Gap in the Age of Agentic Coding
AI agents are writing more and more code. Ensure it's secure. Learn how Wiz Code plugins and the Green Agent bring machine-speed remediation to your AI-IDE.
Mapping Your API Ecosystem: Wiz Expands API Discovery with Apigee
See your full Apigee architecture on the Wiz Security Graph, from API gateways and environments to every endpoint and its authorization scheme.
Context.ai OAuth Token Compromise
Compromised Context.ai OAuth tokens enabled attackers to perform a supply chain attack via trusted SaaS integrations. Learn how to assess the risk in your environment and how to prevent the next attack.
Wiz and Databricks: Adding Databricks to the Wiz Security Graph
Extending Wiz Visibility with the Databricks Data & AI Platform
From Code to Pipeline: Wiz Code Now Secures Your Build Environment
Threat actors have moved upstream, and while security teams have focused on the code developers write, the systems that build and deliver that code have remained a blind spot.
IaC Inventory: A Unified View Across Code, Deployments, and Cloud
As AI applications introduce a new class of infrastructure resources, visibility into what your IaC creates, where it runs, and whether it has drifted has never been more critical.
Securing AI Applications From Inception to Deployment
Extending the Wiz AI APP into the code layer to detect AI-specific risks at inception, validate exploitability at runtime, and orchestrate remediation with agents that understand your codebase
How to Harden GitHub Actions: An Updated Guide
Build resilient GitHub Actions workflows with lessons from recent attacks like TeamPCP and Axios.
Securing the AI Edge: Wiz and Cloudflare Integrate for End-to-End AI Protection
Gain a unified view of AI application endpoints and DNS exposure across your environment, including which are protected by Cloudflare and which need to be secured