Just published my live map of the london underground! (link below)

🤯 Introducing the Wiz MCP Server! Our powerful new way to connect Wiz to your tools and LLM applications - investigate, respond, and reduce risk in your cloud faster than ever. Learn more: wiz.io/blog/introduci…

💰 New THOR Collective drop 💰 Are you looking to secure your hunt team's bag (and headcount)? Then you need to tell a story with relevant metrics. For metrics from the boardroom to the whiteboard, join us at: dispatch.thorcollective.com/p/measuring-th… #threathunting #thrunting #THORCollective

Pope Francis’ reign included an astronomical increase in CVEs recorded…

Power took so long to come back I started playing Balatro

ACoD (A Conference on Defense) is back in Northern VA, this Sept. 10-11. CFP closes June 1. We're looking for security operations talks. How are you detecting and mitigating threats today? Not theoretically, "In the future, AI..." Not that. What are you doing that is working

🚨 OH NOOOO! Someone stole the secret recipe of ExfilCola. We need your help tomorrow to get it back. Set your clocks for 9 a.m. ET ⏰ You'll need curiosity, cloud IR skills, and a taste for solving mysteries. 🧠 Do you think you can crack it?

In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for Wiz Covers permissions, secrets, 3rd-party Actions, ++ Use it to avoid learning these lessons the hard way: wiz.io/blog/github-ac…

🔍IT'S HERE: #ExfilCola, our cloud IR security CTF challenge!🥤 Your mission: - Investigate the cloud environment logs - Research the compromised machines - Secure the files and save the day ⏰ The Cloud Hunting Games are live >> cloudhuntinggames.com

🎙️All you need to know on bug bounty insights w/ Justin Gardner! Amitai Cohen 🎗️🤟 & Eden dive into hacks, lessons & wild stories on Crying Out Cloud. 🔗 Listen now: 🍏 podcasts.apple.com/us/podcast/bug… 🎧 open.spotify.com/episode/6B6qY9… 📺 youtube.com/watch?v=eW6kk-…

🎙️ All you need to know in the cloud: UK retail ransomware hits, SAP bugs exploited, CVE chaos, & GitHub attacks. Cloud news with Amitai Cohen 🎗️🤟 & Eden 🔗 Listen now: 🍏 podcasts.apple.com/us/podcast/uk-…

Check out the talks that have been accepted for fwd:cloudsec! Also, there are still tickets available for the conference! It's happening June 30-July 1 in Denver. fwdcloudsec.org/conference/nor…

From supply chain attacks to exposed AI infra, our podcast & newsletter were on 🔥 this year! 🎧 Thanks to everyone who joined us on Crying Out Cloud this year. Dive into our top stories → wiz.io/blog/favorite-…

Marvelous! Benny Isaacs, Nir Brakha, Sagi Tzadik (sagitz) of Wiz Research successfully popped Redis in the AI category. They head off to see if they are the second full win for AI in #Pwn2Own history. #P2OBerlin

Our team at Wiz Research has observed ongoing exploitation of these latest Ivanti EPMM vulnerabilities - more details here: wiz.io/blog/ivanti-ep…

🚨 New Wiz research: Active exploitation of Ivanti EPMM flaws (CVE-2025-4427 & 4428) enables RCE in the wild. Cloud systems are at risk; patch now. Wiz customers can find pre-built detection queries in the Threat Intelligence Center. Full details 👉 wiz.io/blog/ivanti-ep…

Reminder that the fwd:cloudsec Europe 2025 Call for Papers is open! First time speakers who requested feedback by May 30th and meet the submission criteria will receive feedback on how to improve during the second round. For more: fwdcloudsec.org/conference/eur…

Was browsing GitHub discussions and saw that NPM is going to support OIDC trusted publishing in June/July. github.com/orgs/community… This will cut down on so many attacks due to compromised NPM tokens.

🎙️ New ep: Dr. Anton Chuvakin joins Eden & Amitai Cohen 🎗️🤟 to break down AI in security, why SOCs are broken, cloud appliances, and shared fate done right. Don't miss it. ⬇️ 🍏 podcasts.apple.com/il/podcast/ai-…

DevOps misconfigurations are getting exploited in ways we haven't seen before 🚨 Our threat research team just published findings on a cryptojacking campaign from an actor we call JINX-0132, targeting Nomad, Consul, Docker, and Gitea servers. 🧵 What caught our attention: