< ciso
brief />
Tag Banner

All news with #wiz tag

28 articles

GhostApproval flaw exposes AI coding assistants' risks

🛡️ A Wiz report details "GhostApproval," a vulnerability pattern in six AI coding assistants that lets malicious repos use symlinks to escape sandboxes and trick human approvers into authorizing writes outside the workspace. Vendors including AWS, Cursor and Google patched quickly; others acknowledged or had already fixed the issue. Analysts warn this reflects a category-wide design problem where human-in-the-loop prompts can be misleading and enterprises must treat these tools as privileged software and enforce stronger controls.
read more →

GhostApproval: AI coding assistants allow hidden writes

🔒 Wiz Research disclosed GhostApproval, a flaw in six AI coding assistants that allows symlink tricks to make approval prompts misrepresent targets. The vulnerability can let a repository write attacker-supplied keys or files to sensitive locations, potentially enabling passwordless remote access or remote code execution. Amazon, Google and Cursor have patched the issue; Augment and Windsurf have yet to fix it, while Anthropic disputes that its behavior is a vulnerability. Wiz recommends resolving symlinks before approval and flagging writes outside the project.
read more →

GhostApproval symlink flaw lets agents overwrite files

🛡️ Researchers at Wiz disclosed GhostApproval, a symlink-based flaw in six AI coding assistants that can trick an approval prompt into writing to sensitive files. The attack uses a repository with a symlink pointing to targets like ~/.ssh/authorized_keys or ~/.zshrc; the assistant asks to edit an innocuous file but writes to the real destination. Three tools have fixes, two are still unpatched, and Anthropic disputes the classification as a bug.
read more →

Google announces 33 AI-native cybersecurity startups

🛡️ Google for Startups has selected 33 cybersecurity startups for the Gemini Startup Forum: Cybersecurity, pairing each company with experts from Google DeepMind, Google Cloud, and Wiz. The cohort addresses six focus areas including autonomous agent protection, post-quantum cryptography, and data-in-use protection. Startups span agent security, cloud posture, DLP, cryptography, and AI-native SOC tooling. The forum offers APIs, tools, training, and technical resources to accelerate AI-native security innovations.
read more →

High-severity Amazon Q MCP flaw enables cloud theft

🛡️ A high-severity flaw in Amazon Q Developer allowed a malicious repository to spawn MCP servers and execute commands, exposing a developer's cloud credentials. Wiz Research discovered the issue and demonstrated that a single config file (.amazonq/mcp.json) in a cloned repo could trigger AWS credential theft. Amazon patched the vulnerability, tracked as CVE-2026-12957 (CVSS 8.5), and updated Language Servers for AWS and IDE plugins to require explicit consent for untrusted MCP servers.
read more →

MacOS Supply-Chain Attacks Target Crypto Developers

🔍 Wiz has attributed a cluster named Jinx-0164 to a campaign targeting cryptocurrency firms with custom macOS malware, recruiter-themed lures and supply-chain tampering. The actor relies on LinkedIn-based social engineering and lookalike meeting domains to deliver a Python stealer/remote access tool called Audiofix, which poses as an audio driver and harvests keys, credentials and wallet data. They also abuse stolen GitHub tokens to inject backdoors into CI/CD repositories, causing builds to propagate the malware across development environments.
read more →

Google launches AI Threat Defense for enterprises

🔒 Google announces AI Threat Defense, an integrated, automated security system that uses Gemini, Mandiant, Wiz, and CodeMender to detect, prioritize, and remediate AI-powered threats. The platform combines multi-model scanning, live exposure mapping, and AI agents to validate exploitability, generate fixes, and accelerate remediation. It emphasizes machine-speed monitoring, autonomous response, and consolidated visibility across development and runtime environments to reduce attack surface and speed patching.
read more →

AI Coding Fuels Secrets Sprawl, CISOs Struggle to Contain

🛡️ The rapid rise of AI-assisted and vibe coding is accelerating secrets sprawl, with developers and AI agents increasingly introducing credentials, tokens, and private data into code and collaboration tools. Security researchers from Wiz and independent analysts found a Jan. 28, 2026 Moltbook backend misconfiguration on Supabase that exposed 1.5 million API authentication tokens, tens of thousands of emails, and private messages. Organizations report that detection is outpacing remediation: many teams can find leaks but lack governance and processes to revoke, rotate, and purge secrets at scale. Experts urge treating the issue as identity governance, embedding security into the SDLC, and enforcing short-lived credentials and automated rotation.
read more →

How Google and Wiz Shape Multicloud Strategy for CISOs

🔒 In this May 2026 Cloud CISO Perspectives entry, Vinod D’Souza and Anthony Belfiore outline how Google and Wiz are combining deep cloud telemetry with advanced AI research to address multicloud security challenges. They emphasize a developer-centric shift that moves remediation into code using tools like Wiz Code and sensors for hybrid Linux, vSphere, and Windows environments. The authors envision agentic SOCs and near real-time defenses that boost analyst efficiency while preserving human-in-the-loop oversight. The collaboration aims to accelerate self-healing infrastructure without compromising availability.
read more →

Cloud CISO Perspectives: Multicloud and Multi‑AI Security

🔒 At Next '26 Francis deSouza framed Google Cloud's direction as preparing enterprises for an agentic future, positioning the platform as AI‑native, open, and secure. He argued that multicloud and multi‑AI are essential for resilience and highlighted AI-driven SOC automation outcomes including a 90% reduction in mitigation time and Triage and Investigation tasks collapsed from 30 minutes to 60 seconds using Gemini. The integration of Wiz was presented as a way to secure self‑hosted and multicloud AI lifecycles, while a new whitepaper and the Gemini Enterprise Agent Platform outline governance, prompt sanitization, and agent identity controls.
read more →

RSAC 2026: Securing AI and the Workforce of Tomorrow

🔐 At RSAC 2026, Google Cloud leaders outlined a three-stage AI adoption journey—automate tasks, redesign workflows, and rethink functions—and stressed the need for a bilingual workforce fluent in both domain and AI. They warned that AI expands the attack surface across models, agents, and data, urging multi-model, multicloud resilience and identity-centric defenses. Google highlighted the Secure AI Framework, partnerships to counter supply-chain threats like OpenClaw, and agentic SOC innovations, including the acquisition of Wiz and its AI-Application Protection Platform.
read more →

RSAC '26: Supercharging Agentic AI Defense with Threat Intel

🔒 Google Cloud outlined a coordinated set of AI-driven security advances at RSAC ’26, anchored by the completed acquisition of Wiz and new agentic defense capabilities. The company highlighted Mandiant's M-Trends 2026 findings on rapid adversary operations and published guidance on AI risk and resilience. Previewed offerings include Google Security Operations with autonomous triage agents, dark web intelligence powered by Gemini, and expanded protections across model, data, and network security.
read more →

Google Completes Acquisition of Wiz to Boost Cloud Security

🔐 Google has completed its acquisition of Wiz, which will join Google Cloud while retaining the Wiz brand. The combined offering delivers an AI-powered cloud security platform that unifies visibility across cloud, hybrid, and multicloud environments to prevent, detect, and respond to threats. Customers can expect continued support for AWS, Azure, Oracle, and on-premises systems, along with integrations to Google Threat Intelligence and Mandiant consulting. The acquisition is positioned to accelerate AI-native security capabilities, simplify code-to-cloud defenses, and reduce operational toil for security teams.
read more →

Kubernetes security: strengthening cluster defenses

🔒 New Kubernetes clusters are probed and often attacked within minutes, with honeypots run by Palo Alto Networks, Wiz and Aqua Security showing initial compromise attempts in roughly twenty minutes and repeated automated scans against container ports. The platform's permissive defaults and complex model make standard cloud controls insufficient. Organizations should adopt Kubernetes-specific controls: harden and automate RBAC, isolate workloads with network and namespace policies, store secrets in dedicated key management services, perform regular audits, and train developers on platform-specific threats and secure CI/CD practices.
read more →

Wiz benchmarks AI agents in cybersecurity model arena

🛡️Wiz has built a 257-challenge benchmark suite to evaluate AI agents across five offensive security domains: zero-day discovery, CVE detection, API security, web security, and cloud security. Tests run inside isolated Docker containers with no per-challenge timeouts, use deterministic scoring rubrics, and give each agent three attempts per challenge. The vendor-agnostic framework measures capability rather than throttling, and in Wiz's announcement Claude Code on Claude Opus 4.6 narrowly topped the trials, with Gemini 3 Pro placing second.
read more →

EU Clears Google's $32B Wiz Deal, Intensifying Cloud Security Competition

🔒 The European Commission has given unconditional approval for Google's $32 billion acquisition of cloud security vendor Wiz, removing a major regulatory hurdle. The clearance lets Google Cloud fold Wiz's multi‑cloud security capabilities into its stack while regulators found no meaningful competition harm. Analysts warn the tie-up could accelerate hyperscaler-led security consolidation, raise long-term lock-in risks, and shift incentives away from cloud neutrality.
read more →

Urgent: Patch React 19 and Next.js to Mitigate RCE

⚠️ Developers must immediately upgrade React 19 and affected frameworks such as Next.js after researchers at Wiz disclosed a critical deserialization vulnerability in the React Server Components (RSC) Flight protocol that can enable remote code execution. The flaw exists in default configurations and impacts React 19.0.0, 19.1.0, 19.1.1 and 19.2.0, while Next.js 15.x and 16.x App Router deployments received a related CVE. Upgrade to the latest vendor-recommended releases now and follow the React blog's guidance.
read more →

Critical RSC Deserialization Flaw in React and Next.js

🚨 A maximum-severity remote code execution vulnerability in React Server Components (CVE-2025-55182, CVSS 10.0) allows unauthenticated attackers to execute arbitrary JavaScript by sending crafted payloads to Server Function endpoints. Affected npm packages include react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack in specific 19.x releases; fixes are available in 19.0.1, 19.1.2, and 19.2.1. The issue also impacts Next.js (CVE-2025-66478, CVSS 10.0) across multiple releases and has been patched in a series of 15.x and 16.x updates. Security firm Wiz reports roughly 39% of cloud environments host vulnerable instances; apply patches immediately.
read more →

November 2025 security roundup: leaks, ransomware, policing

🔍 In his November roundup, ESET Chief Security Evangelist Tony Anscombe highlights major cybersecurity developments that warrant attention. He draws attention to Wiz's finding that API keys, tokens and other sensitive credentials were exposed in repositories at several leading AI companies, and to a joint advisory revealing the Akira ransomware group's estimated $244 million takings. Tony also flags privacy concerns around X's new location feature, outlines how Australia intends to enforce a proposed under‑16 social media ban, and notes a Europol/Eurojust operation that disrupted malware families including Rhadamanthys.
read more →

Choosing the Best Cloud Security Posture Management Tools

🔒 Cloud security posture management (CSPM) combines threat intelligence, continuous detection, and automated remediation to find and fix cloud misconfigurations that can expose data. Customers—not cloud providers—are responsible for configuring and protecting workloads, so organizations must select CSPM that delivers multicloud visibility, integrated data security, and policy-driven automated remediation. Modern offerings increasingly fold CSPM into broader CNAPP and SSE suites from vendors such as Wiz, Palo Alto Networks, Tenable, and CrowdStrike, making coverage, integration, and operational model critical factors in vendor selection.
read more →