Security Intel

Streamline pen-testing by unifying findings from bug bounties, manual audits, and Wiz Red Agent into a single, context-rich view.

Get actionable best practices to shrink your attack surface, protect execution environments, control package ingestion, and catch compromises early.

Following your foundation, operationalize Wiz across development, detection and response, and program maturity so your security program never stops getting stronger.

Secure Microsoft 365 and the cloud it powers — one platform, one graph, complete context.

Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1) appeared first on Unit 42.

Unit 42 highlights the need for a comprehensive security strategy that spans every IT zone. Explore the full details here. The post Essential Data Sources for Detection Beyond the Endpoint appeared first on Unit 42.

Detect and mitigate Copy Fail (CVE-2026-31431), an easily exploitable vulnerability in the Linux kernel that allows escalation from an unprivileged local user account to root access.

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.

Unit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser. The post That AI Extension Helping You Write Emails? It’s Reading Them First appeared first on Unit 42.

Delivering enterprise-grade continuous AI-powered risk assessment to hundreds of customers through the combined power of Wiz and Anthropic

When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it.

WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

A malicious release of the lightning PyPI package ships a credential-stealing Bun payload that runs on import. Snyk has a live advisory. Here's what's in the package, what to rotate, and how the payload pattern connects to the Mini Shai-Hulud npm campaign one day earlier.

How AI Adoption, Autonomy, and Attacker Innovation Are Reshaping Cloud Security

Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign - Mini Shai Hulud.

Providing Application Security teams with visibility and guardrails to secure agentic software development and the modern software supply chain

CVE-2026-40478: The Thymeleaf template injection (CVSS 9.1) is conditional. Patch to 3.1.4+ immediately, and audit your code for dynamic view or template expression misuse, which is the key precondition for exploitability.

A new npm supply chain attack self-branded "Mini Shai-Hulud" compromised four SAP-ecosystem packages on April 29, 2026. Snyk has live advisories. Here's the technical breakdown, IOCs, and what to do.

Bridge the gap to autonomous fixes. Snyk and Atlassian integrate to transform Jira security tickets into precision fixes using Snyk Studio AI, eliminating context switching and resolving vulnerabilities in minutes.

ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.

Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.

Attackers exploited a GitHub Actions script injection vulnerability to publish a malicious version of the elementary-data Python CLI (v0.23.3), embedding a credential-stealing backdoor that targeted dbt profiles, cloud provider keys, and SSH secrets from data engineering environments.

Unit 42 research reports that TGR-STA-1030 remains an active threat, particularly in Central and South America. The post TGR-STA-1030: New Activity in Central and South America appeared first on Unit 42.

D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.

SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

What are the next steps for security leaders in this new age of frontier AI? We answer the top 10 questions customers are asking. The post Frontier AI and the Future of Defense: Your Top Questions Answered appeared first on Unit 42.

Unit 42 reveals how multi-agent AI systems can autonomously attack cloud environments. Learn critical insights and vital lessons for proactive security. The post Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System appeared first on Unit 42.

Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.