Skip to content
The Nexus
DossierENTITY

Wiz

Coverage of Wiz in the Nexus archive.

Earliest in view: Mar 31 · 18:55 UTCMost recent: Jul 3 · 09:18 UTC
Co-mentioned in this coverage
Recent coverage
  • BUSINESSJul 3 · 09:18 UTCBUSINESS INSIDER
    A VP of talent at Google's Wiz shares tips for getting hired at a late-stage startup

    Google's Wiz, after its $32 billion acquisition, has seen a surge in job applications. A talent leader at Wiz emphasized that candidates should align their experience with the company's current growth stage and focus on customer challenges rather than just the company's status.

  • SECURITYJun 9 · 18:05 UTCTHE REGISTER
    Miasma worms its way onto GitHub as attack kit goes open source

    The Miasma worm, a supply-chain attack toolkit, was open-sourced on GitHub via compromised developer accounts, enabling attacks on public registries and repositories. SafeDep identified the malicious repositories, which allow credential-based attacks on platforms like PyPI, npm, and GitHub, following a pattern similar to TeamPCP's earlier mini Shai-Hulud worm. The release has raised concerns about supply-chain security, with 473 affected package artifacts tracked by Socket.

  • SECURITYJun 8 · 11:03 UTCFORTUNE
    Why Lightspeed and Wiz’s Assaf Rappaport bet $37 million on an AI-powered cyberattacker

    A New York-based autonomous offensive security startup raised $37 million in funding from Lightspeed Venture Partners, Cyberstarts, and angels including Wiz CEO Assaf Rappaport. The startup uses AI to simulate continuous cyberattacks, identifying vulnerabilities before real hackers exploit them, following Anthropic’s Mythos model revealing thousands of zero-day flaws.

  • SECURITYJun 1 · 21:54 UTCTHE REGISTER
    Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week

    Security researchers discovered malware in 32 Red Hat npm package releases, which were downloaded 80,000 times weekly. The Mini Shai-Hulud worm, linked to TeamPCP, was embedded via a compromised GitHub account, stealing credentials and enabling supply chain propagation. Red Hat removed the packages, stating they were internal and not used in customer systems.

  • SECURITYMay 28 · 07:54 UTCTHE HACKER NEWS
    JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

    A new cyber campaign named JINX-0164, led by an undocumented threat actor, has targeted cryptocurrency organizations using recruitment-themed social engineering and custom macOS malware to steal digital assets. The attack involved sophisticated techniques and exploitation of CI/CD infrastructure, as reported by Wiz researchers.

  • SECURITYMay 14 · 10:01 UTCTHE REGISTER
    Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access

    A Linux kernel local privilege escalation flaw called Fragnesia has been discovered, allowing unprivileged users to gain root access by corrupting page cache memory. The bug is tracked as CVE-2026-46300 and has public proof-of-concept exploit code available. Linux vendors have started pushing out advisories and mitigation guidance to patch the vulnerability.

  • SECURITYMay 13 · 11:52 UTCTHE HACKER NEWS
    [Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)

    The webinar discusses how AppSec tools can miss the 'Lethal Path' and how to fix it. Experts from Wiz and Okta/GitLab will share insights on how hackers connect tiny flaws to build a 'Lethal Chain' to data. Register for the Strategic Briefing to learn more.

  • SECURITYApr 29 · 20:08 UTCDARK READING
    Reverse Engineering With AI Unearths High-Severity GitHub Bug

    Wiz utilized an AI reverse-engineering tool to identify a high-severity vulnerability in GitHub, a task previously deemed too costly and time-consuming. The discovery highlights AI's potential in streamlining complex cybersecurity challenges.

  • SECURITYApr 29 · 16:26 UTCTHE HACKER NEWS
    SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware

    Cybersecurity researchers have identified a supply chain attack campaign targeting SAP-related npm packages with the 'Mini Shai-Hulud' credential-stealing malware. Multiple security firms, including Aikido Security, SafeDep, Socket, StepSecurity, and Wiz, reported the compromise affecting SAP's JavaScript and cloud application packages.

  • SECURITYApr 29 · 13:02 UTCTHE REGISTER
    GitHub: Woah, a genuinely helpful AI-assisted bug report that isn't total slop. Here, Wiz, take this wad of cash

    Wiz researchers discovered a high-severity flaw in GitHub's git infrastructure using Claude AI, enabling remote attackers to gain full read/write access to private repositories via a single command. The discovery earned them a lucrative award from GitHub.

  • SECURITYApr 28 · 16:15 UTCHACKER NEWS
    GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

    A critical Remote Code Execution (RCE) vulnerability, CVE-2026-3854, was disclosed in GitHub, allowing attackers to execute arbitrary code. The flaw, detailed in a Wiz.io blog post, has sparked discussion on Hacker News with 11 comments and 23 upvotes.

  • SECURITYMar 31 · 18:55 UTCAXIOS
    North Korean hackers implicated in major supply chain attack

    North Korean hackers linked to the UNC1069 group are suspected of compromising the Axios npm package, injecting credential-stealing malware into a widely used JavaScript library. The malicious versions were removed quickly, but the attack highlights risks due to Axios's massive adoption across cloud and code environments.

Wiz · Dossier · The Nexus