Danielle Aminov (@AminovDanielle)
2K followers · 637 following · 17 media · 112 statuses
We have been reverse engineering the XZ Utils backdoor and are sharing some initial findings: we've identified multiple hooking options to adapt to different environments, and a hardcoded fake public key that can appear in verbose SSH logs depending on attacker-controlled flags.
Here's our new blog post with a technical deep dive into exploitation we're observing in the wild of CVE-2025-55182 (aka react2shell): https://t.co/jBvMgTqjEO
🚨 React2Shell (CVE-2025-55182) in-the-wild exploitation & deep-dive analysis. Critical RCE across React 19, Next.js & all RSC frameworks. Patch now. https://t.co/SRS7e2PRZ4
For the latest developments on React2Shell 👉 https://t.co/cMvEbTeWLq
wiz.io: React and Next.js are exposed to critical unauthenticated RCE via CVE-2025-55182 and CVE-2025-66478. Learn which versions are impacted and how to mitigate.
With all the talk about the Next.js PoC, many people missed that the React2Shell vulnerability (CVE-2025-55182) affects the underlying RSC implementation itself. This means other popular frameworks that rely on RSC are also vulnerable. We are still analyzing the impact and ease
We were analyzing the new RSC vulnerability and its impact. RSC is a React feature, but most apps use it through Next.js, which bundles RSC widely. So it will likely surface most often as Next.js CVE-2025-66478. Patch snippet below 🧐 Initial analysis: https://t.co/cMvEbTeWLq
🪱 Sharing more on sha1-hulud w/ @sshaybbc * 2 packages == ~60% of infections * 400k unique secrets in truffleSecrets.jsons, only 2.5% verified, & the majority of those short-lived JWTs for GitHub Actions! * 3/4 of impacted workloads were CI/CD, 1/4 were users 🔗 below
WIZ ASM IS HERE!💥 Discover, validate & prioritize all your exposures cloud, AI, SaaS & on-prem. Context-driven ASM powered by Wiz Security Graph. Eliminate exploitable risk everywhere! Ready to see Wiz ASM in action? 🥳 https://t.co/m6htGHYo3P
I put together a service dependency diagram based on what has been mentioned in today's AWS outage, along with Monday's, and one from Nov 25, 2020 with color coding based on which outage mentioned the dependency.
Finally disclosing the critical supply chain attack I've spent the last 6 months preventing: 🧵
🔥 Curious how we exploited CVE-2025-49844 (RediShell)? From a 2-bit reset to 0-click RCE. Come see me at Hexacon 2025 - Paris, where I’ll share in-depth technical details on the exploitation. See you on Friday 👋 #Redis #Security #RediShell @hexacon_fr
We share data, attack paths, and IOCs. Full write-up →
wiz.io: Attackers are skipping malware and extorting orgs through exposed databases. Learn how these attacks work, who’s affected, and how to defend your environment.
And who gets hit the most? Our analysis shows: MongoDB is still the top target; PostgreSQL has surged into second place; MySQL & MariaDB remain significant.
Exposure is only half the story - config is the kicker. In cloud environments, % of exposed servers with no/weak auth: 📊 Redis 72% 📊 MongoDB 8% 📊 PostgreSQL 3% 📊 MySQL/MariaDB ~2.2%
No exotic CVEs here... just misconfigurations like open ports and weak creds. Attackers use the DB’s own commands (DROP, DELETE, backups) to wipe or steal data and leave a ransom note behind. The danger isn’t only lost data - it’s a potential foothold into your network.
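The Redis figure above (72% of exposed cloud instances with no or weak auth) and the point that attackers only need the database's own commands both come down to a handful of redis.conf directives. The following is an added example, not code from this thread or from Wiz: a small offline auditor that flags the exposed-without-authentication pattern and checks whether the destructive commands are disabled. The directive names (bind, protected-mode, requirepass, rename-command) are real Redis settings; the two sample configs, the 16-character password threshold and the severity labels are constructed for illustration. ACL-defined users (the `user` directive) are out of scope here.

```python
"""Offline audit of a redis.conf for the exposure pattern described in the thread:
a port reachable from anywhere plus missing or weak authentication.
Example code; the sample configs below are constructed, not taken from any host."""

# Address forms that make Redis listen on every interface.
WILDCARD_ADDRS = {"0.0.0.0", "*", "::", "::*"}

# Constructed weak config: the "exposed, no auth" case.
WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
# requirepass commented out: anyone who can reach the port has full control
# requirepass changeme
"""

# Constructed hardened counterpart.
HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass 7f3c9e1b2a8d4f6c0e5b9a1d3c7f2e8b
rename-command FLUSHALL ""
rename-command FLUSHDB ""
rename-command CONFIG ""
"""


def parse_conf(text: str) -> dict[str, list[list[str]]]:
    """Map each active directive (lower-cased) to the list of its argument lists.
    Comments and blank lines are skipped; a repeated directive keeps every occurrence."""
    conf: dict[str, list[list[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf


def audit_redis_conf(text: str, min_password_len: int = 16) -> list[tuple[str, str]]:
    """Return (severity, message) findings; an empty list means nothing was flagged."""
    conf = parse_conf(text)
    findings: list[tuple[str, str]] = []

    # Redis 7 allows a leading '-' on an address ("don't fail if unavailable").
    explicit_bind = "bind" in conf
    bind_addrs = [a.lstrip("-") for a in conf["bind"][-1]] if explicit_bind else []
    listens_everywhere = (not explicit_bind) or any(a in WILDCARD_ADDRS for a in bind_addrs)

    pw_args = conf.get("requirepass", [])
    password = pw_args[-1][0] if pw_args and pw_args[-1] else ""
    protected = conf.get("protected-mode", [["yes"]])[-1][0].lower() == "yes"

    if listens_everywhere and not password:
        # protected-mode only engages when there is NO bind directive and NO password,
        # so an explicit wildcard bind (or protected-mode no) leaves the port wide open.
        if explicit_bind or not protected:
            findings.append(("critical", "reachable from any interface with no authentication"))
        else:
            findings.append(("medium", "no bind/requirepass set; only protected-mode keeps this loopback-only"))
    if password and len(password) < min_password_len:
        findings.append(("high", f"requirepass is only {len(password)} chars; brute-forceable"))

    # The thread notes attackers wipe data with the DB's own commands; check that the
    # destructive ones (and CONFIG, which can rewrite where dumps are written) are disabled.
    renamed = {args[0].upper() for args in conf.get("rename-command", []) if args}
    for cmd in ("FLUSHALL", "FLUSHDB", "CONFIG"):
        if cmd not in renamed:
            findings.append(("low", f"{cmd} is still callable under its default name"))
    return findings


if __name__ == "__main__":
    for label, conf_text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_redis_conf(conf_text) or "no findings")
```

Run it against a real redis.conf by reading the file into `audit_redis_conf`; a "critical" finding on an instance with a public IP is exactly the population the 72% figure describes.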
Our recent research reveals how malware-less database ransomware actually scales ⚡️ Finding: MongoDB is the most dominant target, and a newly exposed DB can be discovered and hijacked within minutes - without dropping a single binary. 👾 (1/5)🧵
💥 Wiz Research has uncovered a critical Redis vulnerability that's been hiding for 13 years We found RediShell (CVE-2025-49844): an RCE bug in Redis that affects every version of Redis out there. It's rated CVSS 10 - the highest severity possible. The vulnerability lets
I spent the last few weeks digging into hundreds of enterprise-built Vibe Coded applications. When I found a security flaw, it was almost always one of the same 4 simple mistakes. Here they are 🧵
We started this research to connect the dots between malware campaigns and the misconfigurations that enable them 👾 Our biggest takeaway? While you can patch a CVE, you can't patch a human error. Our blog post dives into this critical gap >
wiz.io: Simple setup flaws. Serious breaches. See how attackers exploited misconfigurations in Selenium Grid, Spring Boot, and PostgreSQL to gain full access.
🚨 Shai-Hulud: Major npm supply chain attack. 100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm. Guidance + detections inside:
wiz.io: Learn how the Shai-Hulud npm worm compromised 100+ packages with data-stealing malware. See how it spreads, the risks, and steps to detect and mitigate.
🚨 Major npm hijack: Attackers took over Qix's account (chalk, debug & more). Malicious versions briefly hit npm, injecting browser code to hijack crypto transactions. DuckDB ecosystem is also affected.