Tag: Wiz Research

The Poisoned Push: How a Hidden Flaw in Git Metadata Exposed GitHub to Remote Code Execution
The seemingly mundane git push command has emerged as a significantly more treacherous vector than conventionally presumed. A critical vulnerability was unearthed within the GitHub infrastructure, transmuting a routine code operation into a potent point of exploitation. The anomaly was identified by the Wiz research team and disclosed via the Bug Bounty program on March…

CodeBreach: How Two Missing Characters Almost Toppled the AWS Cloud
Security researchers from the cybersecurity firm Wiz have unearthed a critical vulnerability within the AWS CodeBuild service, which facilitated a total takeover of Amazon’s own GitHub repositories and posed a catastrophic risk to cloud environments globally. Designated as CodeBreach, this flaw was disclosed to Amazon last August and remediated in September, preceding any illicit exploitation.…

Triple Threat in Triton: Critical Flaws Expose AI Servers to Full Takeover
Critical vulnerabilities discovered in the NVIDIA Triton Inference Server platform pose a significant threat to the security of AI infrastructure across both Windows and Linux environments. This concerns an open-source solution designed for large-scale deployment and maintenance of machine learning models—yet, as it now emerges, its Python backend can be exploited to fully compromise a…

Critical Flaw in Wix’s Base44 AI Platform Allowed Access to Private Enterprise Apps
Base44, a widely used platform for AI-assisted application development, was recently found to be critically vulnerable due to a glaring misconfiguration in its authentication system. The flaw allowed malicious actors to gain unrestricted access to private applications created by other users—simply by knowing their identifier, the “app_id.” This piece of information, far from confidential, is…