Danielle Aminov

119 posts

@AminovDanielle

Threat researcher @wiz_io

Joined February 2019
180 Following, 1.6K Followers
Pinned Tweet
Danielle Aminov @AminovDanielle
We have been reverse engineering the XZ Utils backdoor and are sharing some initial findings: we've identified multiple hooking options to adapt to different environments, and a hardcoded fake public key that can appear in verbose SSH logs depending on attacker-controlled flags.
Danielle Aminov retweeted
Wiz @wiz_io
🎉 IT'S OFFICIAL: @wiz_io joins @Google to secure the AI era. This is a massive moment for our customers and our team. Thank you to every customer, partner, and Wizard who made this moment possible 💙 We can't wait to share what's next. wiz.io/blog/google-cl…
Danielle Aminov retweeted
sapir federovsky @sapirxfed
@shahardorf & I found a phishing campaign abusing oauth applications in Entra in more than 50 organizations! And i promise you that in this blog we explain how you can do it too! And provide all the IOCs 🤭 It's one of these blogs i would enjoy reading! wiz.io/blog/detecting…
Danielle Aminov @AminovDanielle
I had the pleasure of speaking at @DistrictCon 🪩 in Washington, DC last weekend. It was my second time speaking at the conference - this time about another common misconfiguration in the cloud that should make you think twice. Power outage last year, snowstorm this year ❄️ once again, the hacker community showed up strong. What a community! great energy and brilliant people 🙌
Danielle Aminov retweeted
Nagli @galnagli
Introducing my Bug Bounty Masterclass. 100% free. I've made $2,000,000+ finding security bugs. I spent the last year turning my methodology into a complete blueprint. 4 hours of video - foundations, reconnaissance, web proxies, hands-on challenges, and certification. Finish it in a weekend and start hacking real-world applications 🐞
Danielle Aminov retweeted
Yuval Avrahami @yuvalavra
We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯 How did we do it? Just two missing characters was all it took. This is the story of #CodeBreach 🧵👇
Danielle Aminov @AminovDanielle
Excited to be returning to @DistrictCon for round two this month! Back on stage again, presenting: Auths Gone Wild – When authenticated means anyone 🪩 Looking forward to another epic DistrictCon and great conversations around auth gone wrong 🔓
Danielle Aminov retweeted
Amitai Cohen @AmitaiCo
Wiz Research has published a new simple Nuclei template for reliably detecting MongoBleed (CVE-2025-14847). We've also updated our blogpost with additional guidance on determining exploitability depending on how you're using MongoDB:
Danielle Aminov retweeted
Amitai Cohen @AmitaiCo
Here's our new blogpost with a technical deepdive into exploitation we're observing in the wild of CVE-2025-55182 (aka react2shell): wiz.io/blog/nextjs-cv…
Danielle Aminov retweeted
Wiz @wiz_io
🚨 React2Shell (CVE‑2025‑55182) in‑the‑wild exploitation & deep‑dive analysis. Critical RCE across React 19, Next.js & all RSC frameworks. Patch now. wiz.io/blog/nextjs-cv…
Danielle Aminov @AminovDanielle
With all the talk about the Next.js PoC, many people missed that the React2Shell vulnerability (CVE-2025-55182) affects the underlying RSC implementation itself. This means other popular frameworks that rely on RSC are also vulnerable. We are still analyzing the impact and ease of exploitation across additional platforms. For example, the commonly used Vite RSC plugin, when running with its default configuration, is also vulnerable with only minor modifications to the existing PoC. Patch your environments as soon as possible 🏃‍♀️
Danielle Aminov @AminovDanielle
We were analyzing the new RSC vulnerability and its impact. RSC is a React feature, but most apps use it through Next.js, which bundles RSC widely. So it will likely surface most often as Next.js CVE-2025-66478. Patch snippet below 🧐 Initial analysis: wiz.io/blog/critical-…
Danielle Aminov retweeted
Rami McCarthy @ramimacisabird
🪱sharing more on sha1-hulud w/@sshaybbc
* 2 packages == ~60% of infections
* 400k unique secrets in truffleSecrets.jsons, only 2.5% verified, & the majority of those short lived JWTs for GitHub Actions!
* 3/4 of impacted workloads were CI/CD, 1/4 were users
🔗below
Danielle Aminov retweeted
Wiz @wiz_io
WIZ ASM IS HERE!💥 Discover, validate & prioritize all your exposures cloud, AI, SaaS & on-prem. Context-driven ASM powered by Wiz Security Graph. Eliminate exploitable risk everywhere! Ready to see Wiz ASM in action? 🥳 wiz.io/blog/introduci…
Danielle Aminov retweeted
Scott Piper @0xdabbad00
I put together a service dependency diagram based on what has been mentioned in today's AWS outage, along with Monday's, and one from Nov 25, 2020 with color coding based on which outage mentioned the dependency.
Danielle Aminov retweeted
Rami McCarthy @ramimacisabird
Finally disclosing the critical supply chain attack I've spent the last 6 months preventing: 🧵
Danielle Aminov retweeted
Benny Isaacs @benny_isaacs
🔥 Curious how we exploited CVE-2025-49844 (RediShell)? From a 2-bit reset to 0-click RCE. Come see me at Hexacon 2025 - Paris, where I’ll share in-depth technical details on the exploitation. See you on Friday 👋 #Redis #Security #RediShell @hexacon_fr
Danielle Aminov @AminovDanielle
And who gets hit the most? Our analysis shows:
* MongoDB is still the top target
* PostgreSQL has surged into second place
* MySQL & MariaDB remain significant
Danielle Aminov @AminovDanielle
Our recent research reveals how malware-less database ransomware actually scales ⚡️ Finding: MongoDB is the most dominant target, and a newly exposed DB can be discovered and hijacked within minutes - without dropping a single binary. 👾 (1/5)🧵