Shay Berkovich @sshaybbc
Threat Research at WIZ Israel Joined March 2016-
Tweets102
-
Followers155
-
Following211
-
Likes860
More from me on s1ngularity, the Nx supply chain attack. We @wiz_io took advantage of the break in attacker activity to break down: * overall impact * efficacy of the AI usage (not great!) * TTPs and investigation breadcrumbs we've seen to date * our work to notify victims
😱Imagine waking up to see all your private github repositories were published publicly ... That's what happened overnight for >400 users/orgs and >5000 repositories s1ngularity (the Nx supply chain attack) continues to bear fruit for attackers. Rotate ASAP!
In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for @wiz_io Covers permissions, secrets, 3rd-party Actions, ++ Use it to avoid learning these lessons the hard way: wiz.io/blog/github-ac…
🔍IT'S HERE: #ExfilCola, our cloud IR security CTF challenge!🥤 Your mission: - Investigate the cloud environment logs - Research the compromised machines - Secure the files and save the day ⏰ The Cloud Hunting Games are live >> cloudhuntinggames.com
Re #IngressNightmare - until yesterday, there have been only one Critical and 12 Highs in K8s according to official CVE feed[k8s.io/docs/reference…] (since 2017). Its 2 and 15 now. This is big.
😺 Cat's out of the bag We've updated our blog post on the `tj-actions` / `reviewdog` incident to disclose the target. We also have new details on the root cause of the `reviewdog` element. h/t @sshaybbc for a ton of leg work here
Check this out before #KubeCon - we analyzed a huge amount of clusters to get some interesting security stats, like the adoption of the new EKS authentication mode. Hint - its low. Details inside 👇
Check this out before #KubeCon - we analyzed a huge amount of clusters to get some interesting security stats, like the adoption of the new EKS authentication mode. Hint - its low. Details inside 👇
🔥 You can now add TruffleHog to Burp Suite! 🌐 Install it directly from the BApp Store 🔍Scan web traffic for live, verified credentials—active & exploitable Because secrets don’t just leak in code… 😬 Big Thanks to @PortSwigger ! 🙌 🔗trufflesecurity.com/blog/introduci…
Thrilled to finally share this—one of the coolest container escapes I’ve seen! 🔥 wiz.io/blog/nvidia-ai… A subtle logic bug that lets you break out to the host on ANY NVIDIA GPU-supported container 🤯 Can’t believe we had to sit on the technical details for so long! Incredible…
Thrilled to finally share this—one of the coolest container escapes I’ve seen! 🔥 wiz.io/blog/nvidia-ai… A subtle logic bug that lets you break out to the host on ANY NVIDIA GPU-supported container 🤯 Can’t believe we had to sit on the technical details for so long! Incredible… https://t.co/f2cAIBRxaY
🚨 Supply chain attack alert: The curious case of #Ultralytics. A #GitHub Action compromise led to the release of malicious versions (8.3.41, 8.3.42) of the popular Ultralytics Python package, embedding a cryptominer into systems via PyPI.
🌩️ CLOUD THREAT MONTHLY ROUNDUP 🌩️ 🚨Storm-0501 targets hybrid environments, exploiting on-prem vulnerabilities & Microsoft Entra IDs. 🐧REF6138 hits Linux Apache2 with DDoS, cryptominers & malware. ⚠️perfctl hijacks Linux servers stealthily. Read more: threats.wiz.io
🎙️ Don't miss the latest #CryingOutCloud episode! @AmitaiCo & Eden dive into cloud security challenges, AI vulnerabilities, Info Stealers Mitigation, and more. Tune in! 📺 youtube.com/watch?v=RjdZgy… 🍏podcasts.apple.com/us/podcast/ai-…
We discovered a container escape vulnerability in the @nvidia Container Toolkit. It allows attackers to gain full access to the host's filesystem and achieve Remote Code Execution (RCE). Here's everything you need to know about CVE-2024-0132 🧵👇
Check out the first entry in our new blog series on cloud IOCs, a subject I'm quite passionate about. We've also launched a new open source collection of such indicators, available here (we'll be updating this regularly): github.com/wiz-sec-public…
Check out the first entry in our new blog series on cloud IOCs, a subject I'm quite passionate about. We've also launched a new open source collection of such indicators, available here (we'll be updating this regularly): github.com/wiz-sec-public…
This is gnarly. I think a workflow that is triggered by the new issue creation and performs basic checks (author) or advanced checks (url filtering) should help here.
This is gnarly. I think a workflow that is triggered by the new issue creation and performs basic checks (author) or advanced checks (url filtering) should help here.
Stripe can start preparing bounty...
Stripe can start preparing bounty... https://t.co/REJOC9CH5y
bb00x @NathaniaMi47971
654 Followers 3K Following Bug bounty hunter that loves programming https://t.co/zYnJ6w3FwD
Quang Nguyen @sovietw0rm
795 Followers 6K Following
Scott Piper @0xdabbad00
19K Followers 317 Following https://t.co/EXe2MI2DLm Cloud security historian. Developed https://t.co/ZXFwkuxUp4, CloudMapper, and Parliament. Organizer for @fwdcloudsec. Researcher at @wiz_io ✦
Rana Salman 3.0 @xRanaSalman
20 Followers 356 Following Armchair Techie. Weekend Anaconda Hunter, Venom seller during the workdays.
Rich Harang @rharang
3K Followers 709 Following Security of AI, AI for Security AI Red Team @ NVIDIA Using bad guys to catch math since 2010 `from standard_disclaimers import *`
Debbie Jane @DebbieJ32310
0 Followers 170 Following Recruiting webshell engineers to penetrate websites, with a mont hly salary of up to $100,000. If interested, please contact https://t.co/djcgYphd0z
Khalid Khan @Khalidkhan0x
16 Followers 358 Following
Thomas Klemm @thomasjklemm
588 Followers 8K Following
Jinmkerm @jinmkerm40611
14 Followers 144 Following
Aurora⭐️👼 @AuroraHoX
3K Followers 4K Following Stargazer & entrepreneur | ‘HoX’ = Hugs of X | Universe whispers, I act. Chasing Mars,Moon,Andromeda …✨🚀
Mohammed Hr0x 🇲�... @medhr25
18 Followers 907 Following
ghjfghgvn @menahem_mor
8 Followers 562 Following
Hecber Cordova @hecber
136 Followers 763 Following InfoSec professional with an agile and DevOps mindset, pragmatic leader and security evangelist
InfosecGandalf @InfosecMinion
1K Followers 5K Following Director of Engineering - Security & Privacy. DevSecOps, xMSFT, In weird relationship with coffee machines.
ken\d\x @ken5scal
6K Followers 2K Following 事業会社でサイバーセキュリティ・インフラ・社内基盤担当。Secure旅団という技術同人サークル主宰。Podcast「Secure Liaison」やニュースレター「忙しい人のためのセキュリティ・インテリジェンス」を発刊中. UC Berkeley Alumni
Omer @omerd9
37 Followers 1K Following
Madhu Reddy @msreddyshada
10 Followers 489 Following
Jared Perry ⛈️ @jared_perry
1K Followers 4K Following Helping companies tackle ☁️ security problems and build successful security programs🛡. Sometimes posts useful content. 🇨🇦 🏳️🌈
Juan Carlos Vázquez ... @jc_vazquez
5K Followers 6K Following IT & Security Professional | #InfoSec #cybersecurity 🛡 | Attitude is a little thing that makes a big difference 
Shahar_Dorfman @shahardorf
13 Followers 137 Following
h0wl @h0wlu
4K Followers 2K Following 🛡️@redteampl Co-founder 🦉@BlackOwlSec Founder 🧜♀️@WarConPL Co-founder 👨🔬Fuzzing 🕵️Web2 & Web3 Security 🪽Angel Investor
Ankur @Ankuryogi11
345 Followers 6K Following
dams @damstux
14 Followers 630 Following
terrence @tstank
459 Followers 3K Following Father, Runner, Linux Admin, TurboNerd, USMC Veteran, Aspiring Security Pro.
Jonas Lejon @jonasl
29K Followers 13K Following Cyber Security since 1998 ✌️ Also known as @kryptera - Chairman of the board at @ISOCSE
stall @s1564813
0 Followers 572 Following
lived @chngjzh
33 Followers 1K Following
Bitcoin Frogs @BitcoinFrogs
67K Followers 37K Following 10,000 timeless frog collectibles stored on Bitcoin blockchain. Chat: https://t.co/s6tG2QpYSQ. Market: https://t.co/CLkBgGbbcf
ironquill @WhenOnKStreet
2K Followers 5K Following red team, cats... him/he/y'all. fuck putin. free Palestine.
J⩜⃝mie Williams @jamieantisocial
10K Followers 7K Following threats && stuff || #UNC1799 forever 🤘|| @DistrictHeather ♥️ + 🍷 **𝚅𝚒𝚎𝚠𝚜 𝚎𝚡𝚙𝚛𝚎𝚜𝚜𝚎𝚍 𝚊𝚛𝚎 𝚖𝚈 օ𝚠𝚗**
Omar Hoyos @TheCyberIntel
61 Followers 1K Following Perpetual Information Security Student. Love #Malware Analysis, #DFIR, #Forensics, Incident Response, #ThreatIntel, #OSINT, #Cloud https://t.co/fAZ3op8zDi
tomato @tomato1931030
19 Followers 567 Following
Boaz Babai @IsraelTechNews
29K Followers 18K Following Brand awareness and business impact for Israeli #B2B companies with innovative products and services.
Nagli @galnagli
39K Followers 482 Following Hacker; Head of Threat Exposure at @wiz_io 🧙♂️; Bug Bounty Hunter; Live Hacking Events Winner
doomholderz @doomholderz
7 Followers 40 Following security engineer & researcher, but NOT both at the same time
はや(・ε・)ぶ�... @haya14busa
2K Followers 1K Following GitHub: https://t.co/CocuMw6TM2 English: @__haya14busa__ 第4回スプラトゥーン甲子園沖縄地区予選優勝/つぶあん14傑/仲間27傑/第三回123杯優勝(1/110)/勝手に+昭和イカ優勝(1/63)
Sable Dima @SableDima
427 Followers 1K Following PROTOCOL solving signal-to-noise crisis VCs return control over DMs—no unicorn FOMO + Worthy founders get replies = web3 primitive forged to attract Mln users
roei hadashi @r03i1998
0 Followers 122 Following
Seaslut @SeaslutwcR
39 Followers 4K Following
solst/ICE @IceSolst
21K Followers 2K Following Pentester turned seceng turned meeting canceller - https://t.co/5hHG2R5lRS (-13$ ARR)
bb00x @NathaniaMi47971
654 Followers 3K Following Bug bounty hunter that loves programming https://t.co/zYnJ6w3FwD
Ashish Rajan 🤴🏾 @hashishrajan
4K Followers 1K Following CISO | Helping CISOs & Tech Leaders navigate GenAI & Cyber Risk Strategy | Host 🎙️ @CloudSecPod + @AISecPod | Men’s fashion
OSINTdefender @sentdefender
1.5M Followers 1K Following Open Source Intelligence Monitor focused on Europe and Conflicts across the World. RT ≠ Endorsement. Want to Support my Work? https://t.co/PcUbewvWPr
Tomer Sabag @0xTomer
319 Followers 2K Following Head of Product Security @wiz_io, Ex Principal Security Architect @snyksec, @OracleCloud.
Chris Farris (@jcfarr... @jcfarris
2K Followers 464 Following Cloud Security nerd @fwdcloudsec Organizer | Warning: Snark ahead | @[email protected]
Hecber Cordova @hecber
136 Followers 763 Following InfoSec professional with an agile and DevOps mindset, pragmatic leader and security evangelist
Jared Perry ⛈️ @jared_perry
1K Followers 4K Following Helping companies tackle ☁️ security problems and build successful security programs🛡. Sometimes posts useful content. 🇨🇦 🏳️🌈
Chris Thompson @retBandit
7K Followers 871 Following Head of Red team @ IBM X-Force. Black Hat Review Board. Founder and co-organizer of Offensive AI Con. Co-Founder of RemoteThreat. inveni et usurpa
Phil Venables @philvenables
14K Followers 590 Following All about cyber, resilience, risk, AI - at scale. Partner - Ballistic Ventures / Google - Strategic Advisor / 4 x CISO / Board Director / Chief Risk Officer
はや(・ε・)ぶ�... @haya14busa
2K Followers 1K Following GitHub: https://t.co/CocuMw6TM2 English: @__haya14busa__ 第4回スプラトゥーン甲子園沖縄地区予選優勝/つぶあん14傑/仲間27傑/第三回123杯優勝(1/110)/勝手に+昭和イカ優勝(1/63)
payloadartist @payloadartist
42K Followers 286 Following Yapping about AI, AppSec, Hacking, & Cybersecurity • Helped secure organizations like Google • Opinions are my cat's • Part-time shitposter
Billy Lynch @wflynch
329 Followers 291 Following Software Engineer @chainguard_dev | gitsign @projectsigstore | @tektoncd | Prev: @Google
Rojan Rijal @mallocsys
930 Followers 39 Following Offensive security research & building @OphionSecurity
kingbri @kingbri1st
558 Followers 291 Following Med student ⚕️ | AI/ML+iOS dev | Babiniku VTuber Manami Starling | 🎨 #ManaMuses | Streams Fri/Sat 9 PM EST
Anthony Weems @amlweems
3K Followers 270 Following Cloud Vulnerability Research • The opinions stated here are my own, not those of my company.
Nagli @galnagli
39K Followers 482 Following Hacker; Head of Threat Exposure at @wiz_io 🧙♂️; Bug Bounty Hunter; Live Hacking Events Winner
Adnan Khan @adnanthekhan
3K Followers 205 Following Security Engineer at big tech | Part Time Security Researcher | Build Pipeline Menace | All thoughts and opinions are my own.
Yakir Kadkoda @YakirKad
278 Followers 579 Following 🧩 Director of Security Research at @AquaSecTeam | Black Hat & DEFCON & RSA Speaker
DistrictCon @DistrictCon
992 Followers 26 Following A new DC hacker conference: Bringing together builders, breakers, and fixers to do cool shit. 🪩 Year 1: January 24-25, 2026 🪩 https://t.co/qYKu4hl0Uj
Mick Ryan, AM @WarintheFuture
354K Followers 1K Following Strategist, Leader & Author | Retd Army Major General | Senior Fellow for Military Studies @LowyInstitute | @CSIS | Futura Doctrina substack | #BannedInRussia
Truffle Security @trufflesec
4K Followers 1 Following The TruffleHog company We find credentials, with open source https://t.co/7CnEqo1inq https://t.co/8vZxthRRXX
Dmytro Rashko 🇺�... @dimetron
603 Followers 4K Following Platform Architect @ Amdocs | AI Ops | #KAgent | (He/Him) https://t.co/I01KwOVD93
Tom Orbach @TomOrbach
3K Followers 785 Following ☁️ Head of Growth Marketing at Wiz | ✍️ Writing MarketingIdeas{.}com | 🎊 Built and sold the Viral Post Generator
Karim El-Melhaoui @karimscloud
826 Followers 704 Following Principal Security Architect & Partner at https://t.co/yIU71SfS40, CloudSec Researcher. Find me at bsky
Aidan W Steele @__steele
9K Followers 2K Following I try to tweet novel things about AWS.“Shit-poster extraordinaire” according to @LastWeekInAWS. He/him. AWS Serverless Hero
Matt Fuller @matthewdfuller
2K Followers 1K Following 💭 Building https://t.co/qF4lN20a4l (better AWS console), https://t.co/dRqqZlMIFL ("open in AI" links) 🛡️ Cloud Security EM @Stripe 🤝 Ex-Founder @CloudSploit_ (sold)
The Hacker News @TheHackersNews
932K Followers 2K Following The #1 trusted source for cybersecurity news, insights, and analysis — built for defenders and trusted by decision-makers.
Germán Fernández @1ZRR4H
35K Followers 461 Following 🏴☠️ OFFENSIVE-INTEL 🏴☠️ Cyber Threat Intelligence by Hackers | Security Researcher en https://t.co/rDrSxZASB3 | @CuratedIntel Member | 🥷🧠🇨🇱
StandWithUs @StandWithUs
388K Followers 749 Following Education is the road to peace! We’re fighting #Antisemitism and supporting Israel around the world. Learn more about #Israel at https://t.co/SifUXUU1G0
Bring Hersh Home @BringHershHome
10K Followers 717 Following Hersh Goldberg-Polin was kidnapped by Hamas terrorists and murdered after surviving 11 months in captivity. May his memory be a revolution for good.
fwd:cloudsec @fwdcloudsec
5K Followers 68 Following Non-profit cloud security conference. June 17-18, 2024 in Arlington, VA. September 17, 2024 in Brussels, Belgium.
Sascha Grunert @saschagrunert
2K Followers 520 Following 👨🏻💻 Kubernetes Steering | CNCF Ambassador | SIG Release Chair | Container Runtimes | Open Source Enthusiast | Speaker | Writer | He/Him
Cyburger @Cyburgerim
4K Followers 308 Following Cyber. M&A. Investments. Trends. Product. Nonsense. English RTs @Cyburgerzz
Salman Sima @SalmanSima
55K Followers 2K Following Fighting Dictatorships and Corrupt Regimes | Fled Iran after imprisonment, torture and hunger strikes | Working for a better tomorrow.Trends for United States
You might like
