Shay Berkovich @sshaybbc
Threat Research at WIZ Israel Joined March 2016
More from me on s1ngularity, the Nx supply chain attack. We @wiz_io took advantage of the break in attacker activity to break down:
* overall impact
* efficacy of the AI usage (not great!)
* TTPs and investigation breadcrumbs we've seen to date
* our work to notify victims
😱Imagine waking up to see all your private github repositories were published publicly ... That's what happened overnight for >400 users/orgs and >5000 repositories s1ngularity (the Nx supply chain attack) continues to bear fruit for attackers. Rotate ASAP!
In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for @wiz_io Covers permissions, secrets, 3rd-party Actions, ++ Use it to avoid learning these lessons the hard way: wiz.io/blog/github-ac…
🔍IT'S HERE: #ExfilCola, our cloud IR security CTF challenge!🥤 Your mission:
- Investigate the cloud environment logs
- Research the compromised machines
- Secure the files and save the day
⏰ The Cloud Hunting Games are live >> cloudhuntinggames.com
Re #IngressNightmare - until yesterday, there had been only one Critical and 12 Highs in K8s according to the official CVE feed [k8s.io/docs/reference…] (since 2017). It's 2 and 15 now. This is big.
😺 Cat's out of the bag We've updated our blog post on the `tj-actions` / `reviewdog` incident to disclose the target. We also have new details on the root cause of the `reviewdog` element. h/t @sshaybbc for a ton of leg work here
Check this out before #KubeCon - we analyzed a huge amount of clusters to get some interesting security stats, like the adoption of the new EKS authentication mode. Hint - it's low. Details inside 👇
🔥 You can now add TruffleHog to Burp Suite! 🌐 Install it directly from the BApp Store 🔍Scan web traffic for live, verified credentials—active & exploitable Because secrets don’t just leak in code… 😬 Big Thanks to @PortSwigger ! 🙌 🔗trufflesecurity.com/blog/introduci…
Thrilled to finally share this—one of the coolest container escapes I’ve seen! 🔥 wiz.io/blog/nvidia-ai… A subtle logic bug that lets you break out to the host on ANY NVIDIA GPU-supported container 🤯 Can’t believe we had to sit on the technical details for so long! Incredible…
🚨 Supply chain attack alert: The curious case of #Ultralytics. A #GitHub Action compromise led to the release of malicious versions (8.3.41, 8.3.42) of the popular Ultralytics Python package, embedding a cryptominer into systems via PyPI.
🌩️ CLOUD THREAT MONTHLY ROUNDUP 🌩️ 🚨Storm-0501 targets hybrid environments, exploiting on-prem vulnerabilities & Microsoft Entra IDs. 🐧REF6138 hits Linux Apache2 with DDoS, cryptominers & malware. ⚠️perfctl hijacks Linux servers stealthily. Read more: threats.wiz.io
🎙️ Don't miss the latest #CryingOutCloud episode! @AmitaiCo & Eden dive into cloud security challenges, AI vulnerabilities, Info Stealers Mitigation, and more. Tune in! 📺 youtube.com/watch?v=RjdZgy… 🍏podcasts.apple.com/us/podcast/ai-…
We discovered a container escape vulnerability in the @nvidia Container Toolkit. It allows attackers to gain full access to the host's filesystem and achieve Remote Code Execution (RCE). Here's everything you need to know about CVE-2024-0132 🧵👇
Check out the first entry in our new blog series on cloud IOCs, a subject I'm quite passionate about. We've also launched a new open source collection of such indicators, available here (we'll be updating this regularly): github.com/wiz-sec-public…