Crying Out Cloud

PODCAST · technology

Welcome to "Crying Out Cloud," the monthly podcast that keeps you up to date with the latest cloud security news. Hosted by experts Eden Naftali and Amitai Cohen, each episode provides in-depth coverage of the most important vulnerabilities and incidents from the previous month. Tune in for insightful analysis and expert recommendations to help you safeguard your cloud infrastructure.

  1. 60

    Hacking GitHub with a Semicolon & Claude with Sagi Tzadik

    Wiz researcher Sagi Tzadik joins us to break down how a single semicolon led to a critical Remote Code Execution (RCE) vulnerability in GitHub.

    For two years, Sagi sat on a lead. Reverse engineering GitHub's microservices manually was too tedious to justify the time. Then, AI agents arrived. By hooking Claude directly into his reverse engineering software, he condensed months of grueling binary analysis into 48 hours. The result? A critical bug in how GitHub handles git push options that exposed both SaaS and Enterprise environments. We get into the weeds on how different microservices interpreting the same input differently creates massive attack surfaces, and why security by obscurity is officially dead in the age of AI.

    What's Inside:
    - How combining Claude with the IDA MCP server dramatically sped up the reverse engineering process
    - The technical anatomy of the GitHub semicolon vulnerability.
    - Why microservice communication breakdowns lead to critical RCEs.
    - The massive difference in impact between GitHub.com and GitHub Enterprise Server.
    - Why Enterprise users need to patch their instances immediately.

    Resources:
    - Learn more about the findings at: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

  2. 59

    Protecting Vibe Coded Apps and the Shift to "Soft Guardrails" with Igor Andriushchenko

    Igor Andriushchenko joins Crying Out Cloud to explain how vibe coding changes the role of security engineers. The shift from typing lines of code to shaping entire systems means security teams need new strategies. Developers expect their shipping velocity to increase tenfold with AI assistance. Relying on traditional hard deployment blocks will only cause friction. If you want to understand how to build secure guardrails for AI development without destroying developer momentum, this conversation covers the exact mechanics.

    What's Inside:
    - The evolution of the Stockholm tech scene and human ambition driven by AI.
    - How Lovable empowers non-developers to build disposable and deeply specific software.
    - The concept of "soft guardrails" and why hard blocks fail in AI-assisted workflows.
    - Future capabilities of AI pen testing using hundreds of autonomous agents.
    - The shared responsibility model when business users build internal applications.

  3. 58

    Neuroscience, AI Research & Hiring Swifties with Alon Schindel

    Agentic AI is coming. Are defenders ready?

    Alon Schindel, Director of Data & Threat Research at Wiz, joins Eden and Amitai for the Season 3 Finale. This isn't just a recap. It is a look at how top-tier research teams operate at speed. Alon explains why Wiz treats research as a "product" rather than a support function. He details the "DeepLeak" discovery where his team found thousands of exposed API keys mere hours after a platform's popularity spiked.

    What's Inside:
    - Agentic AI: Why 2026 will be the year AI starts taking action, not just chatting.
    - Speed as a Weapon: How to shorten the time between a zero-day and a detection.
    - Culture: The power of the "Table" and collaborative chaos.
    - Retrospective: Lessons from IngressNightmare and the year in vulnerabilities.

    Resources:
    - Read the DeepLeak Research: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
    - Wiz Threat Research Hub: https://www.wiz.io/research

  4. 57

    Hacking Moltbook with Gal Nagli

    🚨 Vibe coding meets critical data exposure: The Moltbook Hack.

    On this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen sit down with Wiz researcher Gal Nagli to unpack how he compromised the "Facebook for AI Agents" in under an hour ↓
    - How a simple boolean manipulation (valid: false to true) bypassed authentication
    - Cloud Database misconfigurations and the failure of Row Level Security (RLS)
    - How Claude Code was used to identify and exploit the vulnerability
    - The security reality of "Vibe Coding" and zero-manual-code applications

  5. 56

    CodeBreach: Hijacking the AWS Console with Yuval Avrahami

    🚨 Everything you need to know about CodeBreach with Yuval Avrahami

    On this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen sit down with Wiz researcher Yuval Avrahami to unpack a major supply-chain flaw that put cloud environments at risk ↓
    - Misconfigured CodeBuild instances used by AWS themselves
    - One small regex mistake, huge consequences
    - How an SDK used by the AWS Console could have been hijacked (!)
    - The CI/CD controls that can mitigate this risk

  6. 55

    React2Shell, Shai-Hulud 2.0, Gogs Zero-Day & Tika RCE

    🎙️ Shai-Hulud, Shai-Hulud 2.0, are you keeping up?

    In this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen go deep into real-world cloud security incidents ↓
    - How Shai-Hulud evolved into Shai-Hulud 2.0
    - A vulnerability affecting Apache Tika
    - React2Shell and its implications
    - Gogs zero-day explained

    You DON'T want to miss this! This is a technical, concrete conversation focused on how attacks actually happen, how they evolve, and what defenders need to understand to keep up.

  7. 54

    Live Talk: Security Minds from Google Cloud, AWS & Wiz

    🎙️ AI is changing the rules of cyber, are you keeping up?

    Eden Naftali goes live with leading voices in cloud security: Ryan Nolette (AWS), John Miller (Google Cloud), and Alon Schindel (Wiz). This episode is essential listening for anyone defending at cloud scale. 👇

    🔍 Inside ↓
    1) How AI is supercharging attacker tactics — from hyper-variable phishing to rapid exploit generation
    2) The rise of "AI slop" and why it's burning analysts' time
    3) Emerging AI bug-hunters — what they can (and can't) do

  8. 53

    Cloud Detection Engineering, AI in the SOC and Parallel Parking with Alex Hurtado

    Detection engineering just got real!

    Eden Naftali and Amitai sit down with detection engineering powerhouse Alex Hurtado - and it's a must-listen for anyone in cloud security. 👇

    🔍 What's inside:
    - The evolution of detection engineering in the cloud — and why traditional rules no longer apply
    - Why DIY detections > vendor defaults
    - How AI is reshaping detection and threat hunting (and why the human in the loop still wins)

  9. 52

    VSCode Extension Secrets, RediShell, & Living-off-the-LLM

    🔍 From discovering VS Code supply chain risks → to uncovering Redis Shell vulnerabilities.

    Eden Naftali and Amitai sat down to unpack: 👇
    - How VS Code extensions became a critical supply chain risk (w/ Rami McCarthy)
    - What RediShell reveals about attacker innovation
    - Where AI is being weaponized in modern malware

    🎙️ Listen now to our NEW Crying Out Cloud episode

  10. 51

    eBPF, Fishy Book Covers, and Open Source Security with Liz Rice

    🚨 The kernel-level security revolution you can't ignore — a must-listen with Liz Rice

    Eden Naftali and Amitai sit down with Liz Rice, Chief Open Source Officer at Isovalent (Cisco), and a global expert in eBPF, containers, and Kubernetes security.

    🎙️ In this episode:
    - How eBPF is reshaping cloud security from the ground up
    - Practical strategies to tackle open source supply chain attacks (a hot topic given today's events)

    A must-listen for anyone building or securing cloud infrastructure in an era of AI coding and supply chain attacks.

  11. 50

    Security Metrics, Detection & Response & Paintball with Erik Bloch

    🔐 Erik Bloch on his path from military hacker to Illumio security leader.

    Eden Naftali and Amitai sat down with Erik Bloch & here's what they covered 👇
    - How starting in the military shaped Erik's approach to security
    - Building and scaling cloud detection & response teams
    - Converting security metrics into actionable business KPIs

  12. 49

    Adversary Emulation, Cyber Education & Community Building with Day Johnson

    🚨 How do you build a 4,000+ strong student-tech community from scratch?

    Eden Naftali and Amitai sat down with Day Johnson, Security Engineer at Amazon, ex-Datadog, founder of CyberWox Academy.

    What they covered 👇
    - Detection engineering that works at scale
    - What breaks IR processes (and how to fix them)
    - Real talk on breaking into security without shortcuts

    Also: why being the "tech kid" in your neighborhood might just launch your whole career.

  13. 48

    Live Talk: Security Minds from Riot Games, Microsoft & Wiz

    💡 From cloud chaos to career confessions: live with security minds from Riot Games & Microsoft.

    Eden Naftali went live, and got personal, with 3 leaders shaping the future of cloud and cybersecurity:
    - Nicole Dove, Head of Security Engineering at Riot Games
    - Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft
    - Alon Schindel, VP of AI & Threat Research at Wiz

    What they unpacked? 👇 The heart of threat intel, building trust over tools, and how hobbies reflect how they lead. This Crying Out Cloud episode from RSA just hits different.

    ⏱ Chapters
    00:05:02 – What it means to be a threat intelligence leader
    00:10:08 – How threat intelligence should really look
    00:15:48 – Skirting the tough questions in cybersecurity
    00:21:07 – Working with third-party vendors in the cloud
    00:26:17 – What the security industry is getting wrong
    00:31:20 – The special skill of deep research
    00:36:20 – A real-world story about leading with trust

    #CyberSecurity #CloudSecurity #ThreatIntelligence #Infosec #CloudComputing

  14. 47

    AI Double Agents to Blame, Scattered Spider Pivots to Planes

    🎙️ Scattered Spider's new target? Airlines.

    Eden Koby Naftali & Amitai Cohen break down the latest in the cloud:
    1️⃣ A connectivity tool vuln & Open WebUI misconfig putting orgs at risk
    2️⃣ Why attackers are still tricking help desks (and how!)
    3️⃣ The "lethal trifecta" of AI agent danger, explained 🧠🤖

    0:25 – Scattered Spider targets the aviation industry
    1:38 – Help desk hacks: impersonation & real-world stories
    4:52 – Teleport vulnerability explained
    9:48 – AI's "lethal trifecta" and why it matters

    #CloudSecurity #ScatteredSpider #AIThreats #HelpDeskAttacks #CryingOutCloud #CybersecurityPodcast

  15. 46

    Pyramid of Pain, PEAK, and Bagpipes with David Bianco

    🎙️ New ep: David Bianco from Splunk with 🔥 insights from a lifetime of threat hunting.

    Eden Koby Naftali & Amitai Cohen sat down with David Bianco, creator of some of the most influential models in cyber detection.

    What they got into ⬇️
    1) How a threat intel milestone led to the Pyramid of Pain
    2) Why detection isn't just about indicators
    3) What good threat hunting teams actually do

    #CryingOutCloud #CyberSecurity #ThreatHunting #PyramidOfPain #DavidBianco #Splunk #Infosec #CloudSecurity #DetectionEngineering #BlueTeam #SecurityPodcast #SOC #ThreatIntel #IncidentResponse

  16. 45

    AI-powered Security, Shared Fate, and an Archery Lesson with Dr. Anton Chuvakin

    🎙️ Just dropped: Dr. Anton Chuvakin from Google Cloud, with legendary insights (and cloud security jokes).

    Eden Koby Naftali & Amitai Cohen sat down with Dr. Anton Chuvakin, Google Cloud's Office of the CISO, and the guy who made SIEM cool!

    What they got into ⬇️
    1) Why SOCs are broken (and full of toil)
    2) How to actually apply AI in security
    3) Why cloud appliances are still a problem
    4) What shared responsibility really means

  17. 44

    UK Retail Breaches, SAP 0day, and CVE Troubles

    🎙️ All you need to know from Ransomware to CVE Programs!

    ☁️ Join Amitai Cohen and Eden Naftali as they break down the top stories in the cloud:
    - UK Retail Sector Hit by Ransomware (DragonForce & Scattered Spider)
    - SAP NetWeaver Vulnerability Exploited in the Wild
    - CVE Program Faces Major Backlog and Trust Issues

  18. 43

    Bug Bounty Secrets, Hacker Communities, and a Hit of Volleyball with Justin Gardner

    🎙️ Listen to the biggest insights of bug bounty hunting with Justin Gardner 🚨

    In this episode, Amitai Cohen and Eden Naftali are joined by none other than Justin, renowned bug bounty hunter and host of the Creative Thinking podcast (ctbbpodcast).

    Justin unpacks some of today's 🔥 topics:
    - Bug bounty disclosure challenges & trends
    - Security stories from tech giants: lessons we can all learn
    - Messaging platform exploits & SSRF risks
    - Breaking into popular monitoring tools — HTTP pitfalls & key takeaways

  19. 42

    Quadruple Supply Chain Attack, IngressNightmare Exploited, and Rumors Abound

    🎙️ All you need to know on the latest discoveries and updates ft. Rami McCarthy 🚨

    In this episode of Crying Out Cloud, Amitai Cohen & Eden Koby Naftali are joined by Rami — a Principal Security Researcher here at Wiz. Rami adds some energy and expertise to the table as we dive into a variety of topics:
    • GitHub Action supply chain attack
    • IngressNightmare updates. A follow-up to our last episode on this critical vulnerability.
    • Alleged Oracle breaches: Breaking down the latest rumors and insights.

  20. 41

    Ingress Nightmare: How a Single Request Could Take Over Your K8s Cluster

    🎙️ All you need to know on our latest discovery #IngressNightmare 🚨

    In this episode of Crying Out Cloud, Amitai Cohen & Eden Koby Naftali are joined by Nir Ohfeld — Head of Vulnerability Research at Wiz. Nir and his team have uncovered some of the most impactful vulnerabilities affecting cloud and SaaS applications. In this episode, he's diving into the latest discovery, a critical vulnerability in Ingress-NGINX:
    • How the team uncovered a critical unauthenticated RCE in NGINX Ingress Controller
    • Why Kubernetes admission controllers might be the next big attack surface
    • The wild journey of hunting vulnerabilities in the cloud

  21. 40

    From Hotmail Hacks to AI hype, CTFs & Cloud Guardian: with Ashish Rajan

    🎙 Ready for the latest on AI, cloud security, and Fortune 500 challenges?

    This week on our podcast Crying Out Cloud, we're joined by none other than Ashish Rajan — a seasoned cybersecurity leader and host of the AI Cybersecurity Podcast & Cloud Security Podcast.

    Amitai Cohen & Eden Koby Naftali dive into:
    - The evolution of AI & cloud security
    - Lessons from securing Fortune 500 & FTSE 100 companies
    - The biggest challenges (and laughs) in the industry

  22. 39

    HACKERS ARE HIJACKING CLOUD KEYS: The Rise of Cloud-Native Ransomware

    From Supply Chain Attacks to S3 Ransomware: Critical Cloud Security Stories You Need to Know.

    🎙️ In this episode of Crying Out Cloud, Eden and Amitai break down the latest cloud security chaos, from sneaky supply chain attacks to AI-powered malware:
    1) How attackers exploited a GitHub misconfiguration to enable a supply chain attack.
    2) The latest twist on cloud-native extortion (spoiler: it all comes back to stolen cloud keys).
    3) NullifAI – Malicious AI models hiding in plain sight.
    4) whoAMI attack – The clever AWS AMI name confusion flaw that might catch you off guard.

  23. 38

    Norwegian Cloud Security, Open Source Tools, and Financial Sector Risks with Karim El-Melhaoui

    🎙️ SEASON PREMIERE ALERT: Tune in to our latest episode featuring Karim El-Melhaoui, where we dive into the latest cloud security challenges ☁️

    🔥 Amitai Cohen & Eden Koby Naftali are kicking off the season with:
    - Cyber risk vs. operational risk – Why cyber risk is harder to quantify and how Norges Bank used NIST's Cybersecurity Framework to strengthen resilience.
    - Open-source tools fuel innovation, but many are abandoned without long-term support.
    - How Cloud Security Alliance Norway is setting stronger security standards.

    🎧 Ready for season 3 of #CryingOutCloud?

  24. 37

    DeepSeek Data Leak with Gal Nagli (Wiz Research)

    Why is everyone suddenly talking about DeepSeek? 👀

    🎙️ If you've been seeing DeepSeek everywhere but are wondering what the actual buzz is about - this is for you: Our new podcast features Gal Nagli from the Wiz Research team, breaking it down with Eden Koby Naftali and Amitai Cohen.

    Plus: Get the full story behind our recent DeepSeek database discovery that made headlines ⚡

  25. 36

    Co-Founding Wiz, R&D and Security Leadership with Roy Reznik

    🎙️ Every great story starts with a beer in the Alps... From building #Adallom to becoming a sommelier — hear Roy Reznik's journey as Co-Founder and VP R&D at Wiz in our podcast season finale!

    In this episode Eden Koby Naftali & Amitai Cohen dive into:
    ☁️ Roy's journey from Tel Aviv to London—culture.
    🛠️ How companies can scale fast while staying secure.
    💡 How R&D should foster a culture where developers proactively embrace security as a core value.
    🤖 Thoughts on AI in development — Co-Pilots: where do they excel?

  26. 35

    post:Invent with Scott Piper (re:Invent digest)

    🎙️ Unpack AWS re:Invent's top announcements, trends, and what's next for cloud practitioners with Scott Piper!

    Join Eden Naftali and Amitai Cohen in our latest #CryingOutCloud episode featuring Scott Piper, Wiz's Principal Cloud Security Researcher and "cloud security historian".

    In this episode:
    🌟 AWS re:Invent highlights: Aurora DSQL, Nova genAI, EKS Auto Mode
    🔒 Security updates on RCPs, VPC Block Public Access, Declarative Policies for EC2
    🎬 Scott's favorite cloud-themed movies from Wiz Video World (Pulp Encryption, anyone?)

  27. 34

    Red Team Tactics with EA’s Johann Rehberger

    Dive into the latest #CryingOutCloud episode featuring Johann Rehberger!

    Join Eden and Amitai as they sit down with Johann Rehberger, Red Team Director at Electronic Arts and a cybersecurity expert. Johann also publishes innovative security research on his blog, Embrace the Red.

    What you'll learn:
    📌 Red teaming strategies to strengthen security programs
    📌 Insights from Johann's cutting-edge AI security research and experience
    📌 The funny story behind Johann's alias, Wunderwuzzi

    Tune in now! 🎧

  28. 33

    Canadian Cybersecurity, Open Source Risks, and AppSec Insights with Tanya Janca

    🎙️ Tune in to the latest #CryingOutCloud episode featuring Tanya Janca, where we dive into all things cloud!

    Join Eden and Amitai as they welcome Tanya Janca, founder of 'We Hack Purple', and the author of 'Alice and Bob Learn Application Security'. She's seen it all—from launching AppSec programs to teaching secure coding and leading on education at Semgrep.

    In this episode:
    🌐 Building security programs from scratch
    🔍 The value of static analysis tools for developers
    🇨🇦 The Canadian cybersecurity landscape and her take on global challenges
    💡 Tips for securing AI applications in the age of generative AI

  29. 32

    Hybrid Cloud Attacks, Linux Malware, and LLMJacking Exposed

    🎙️ Ready for the latest on Hybrid Cloud Attacks, Linux Malware, and LLMJacking? Join our hosts Eden Koby Naftali and Amitai Cohen in our NEW #CryingOutCloud episode.

    In this episode:
    📌 The perfctl malware campaign—stealthily mining crypto on thousands of Linux machines undetected for years
    📌 Storm-0501 hybrid cloud attacks, targeting everything from hospitals to law enforcement, with ransomware and stolen admin credentials
    📌 LLMJacking—the latest evolution in malicious cloud access, selling AI access on underground markets

  30. 31

    AI Toolkit Risks, CUPS Vulnerabilities, and Google's Infostealer Defenses

    🎙️ Catch the latest episode of #CryingOutCloud, where Amitai Cohen and Eden Koby Naftali tackle key cloud security challenges from AI Toolkit Risks to CUPS Vulnerabilities!

    Tune in to hear about:
    📌 Wiz Research discovered a vulnerability affecting the Nvidia container toolkit
    📌 Google's novel Info Stealers Mitigations
    📌 All the talk around the CUPS vulnerabilities
    📌 How to leverage Atomic Cloud IOCs

    [And so much more...]

  31. 30

    From NASA to GitLab: Democratizing Security, Open Source, and Empowering Women – With: Julie Davila

    📢 Tune in for the special episode of Crying Out Cloud with GitLab's Julie Davila! 🚀

    Join our Co-host Eden Koby Naftali and the cybersecurity leader Julie Davila, VP of Product Security at GitLab, as they dive into:
    📌 Balancing transparency in open-source tooling with security risks.
    📌 Democratizing security: How GitLab empowers engineers to take ownership of security without disrupting their workflow.
    📌 Plus, insights into empowering women in cloud security and why diverse representation is crucial for the industry's future.

  32. 29

    Azure DDoS, Certificate Revocations, and ESXi Ransomware

    📢 From DDoS attacks to discovering a new cryptojacking campaign, tune in to our NEW episode of #CryingOutCloud to learn about all the latest cloud security news.

    Join our hosts Eden and Amitai as they dive into the latest cloud security stories:
    * SeleniumGreed: Wiz Research discovered a new cryptojacking campaign targeting Selenium Grid
    * Why your Starbucks app went down.
    * Internet chaos and lessons learned from DigiCert revoked certificates.
    * ESXi ransomware: The danger of trusting by name.

  33. 28

    Navigating Hyper Growth, AI Impact, and Mandiant Memories - Special Guest: Ryan Kazanciyan

    📢 Tune in for an exclusive session with Ryan Kazanciyan on securing a security vendor, hyper-growth, and AI impact in the latest podcast episode of #CryingOutCloud!

    Join our hosts, Amitai Cohen and Eden Koby Naftali, as they dive into cloud security with Ryan Kazanciyan, our seasoned expert leading security at Wiz.

    🔍 Episode Highlights:
    📌 Managing security during hyper growth: challenges and lessons learned.
    📌 Ryan's experiences at Mandiant and the impact of the APT1 investigation on his approach to security.
    📌 Current security trends and the role of AI in security.
    📌 Ensuring safe use of AI tools like ChatGPT within the organization for internal use and product development.

  34. 27

    SAPwned: SAP AI Core vulnerabilities - Special Guest: Hillai Ben-Sasson

    📢 Tune in to our special episode with Hillai Ben-Sasson with all you need to know about #SAPwned. TL;DR - The Wiz Research Team uncovered serious vulnerabilities in SAP AI Core, revealing potential risks in #AI infrastructure.

  35. 26

    CROC Talks - Securing DBs, Cloud Threat Intel, and Detection- Special Guest: Snowflakes’ Haider Dost

    📢 Tune in to Snowflake's Haider Dost for an exclusive session on Securing Databases, Cloud Threat Intelligence, and Detection strategies. The latest podcast episode of #CryingOutCloud is LIVE!

    Join our special hosts, Alon Schindel and Eden, as they dive deep into the world of cloud security with Haider Dost, Head of Global Threat Detection and Threat Intelligence at Snowflake.

    🔍 Episode Highlights:
    📌 Recent campaign targeting Snowflake customers.
    📌 Discussion on the new mandatory MFA for Snowflake admins and its impact.
    📌 Architecture of detection in the cloud & logging. What does it mean to work in a highly regulated environment compared to a fast-growing company like Snowflake?
    📌 Defining "good security" in traditional vs. cloud-native settings.

  36. 25

    CROC News: Firewall Fumbles, Gitloker Etiquette, and Private Cloud Compute

    📢 From data privacy norms in the age of AI — tune in to the latest episode of #CryingOutCloud with all you need to know from the cloud security news 🚨

    Join Eden Naftali and Amitai Cohen as they dive into:
    🔍 How a new AI processing cloud service is challenging data privacy norms.
    🛡️ The implications of a potential firewall misconfiguration and how to secure your environment.
    🔐 The latest ransomware attacks on GitHub repositories and how to safeguard your data.
    ⚠️ A new discovery by Wiz research: crypto-jacking campaign targeting Kubernetes clusters.
    🐘 Critical remote code execution vulnerability in PHP and how to mitigate the risk.

  37. 24

    CROC Talks: RCE Vulnerability in Ollama explained

    💥 EXCLUSIVE: Wiz Research uncovers CVE-2024-37032, aka #Probllama — a vulnerability in Ollama that left thousands of #AI models exposed 😲

  38. 23

    CROC Talks: Chief Llama Officer and IBM CISO - Jerry Bell

    What is it like to be IBM's 'Chief Llama Officer'? 🦙

    🎙️ Tune in as Jerry Bell shares his journey from crashing his first computer at 10 to leading IBM's Public Cloud Security.

    What's on today's agenda?
    😲 Managing a popular 'Mastodon' server post-Twitter acquisition
    🛡️ Challenges and surprises as IBM's CISO
    🔐 Insights on the security implications of M&A

  39. 22

    CROC News: Ninjas, Grand Theft AI, and Backlogged CVEs

    🎙️ All that's 🔥 in the cloud: From logging and cloud attacks to NVD backlog updates.

    What's on today's agenda?
    1️⃣ Discover how logging bypass made password-spray attacks undetectable.
    2️⃣ Learn about the latest way attackers are monetizing cloud access - by selling access to other people's AI models.
    3️⃣ NVD's ongoing backlog - Hear about how the industry is dealing with it.

  40. 21

    CROC Talks - Threat Models, Cloud Tools, and Security Tales - Special Guest: Kat Traxler

    Our latest episode of Crying Out Cloud features none other than Kat Traxler, a seasoned security professional renowned for her expertise in cloud research. 🚀

    Here's a sneak peek at what we'll cover:
    🔍 Threat modeling: Kat's practical insights
    🔧 "DeRF": Kat's revolutionary tool and how it can help cloud security practitioners
    💡 Dispelling myths about cloud security and how it challenges the OSI model
    🔬 Future research directions in cloud security & Kat's latest projects in the field

  41. 20

    CROC Talks: Helping Secure Hugging Face Hub - Special Guest: Shir Tamari

    🚨 BREAKING: Wiz Research identifies critical risks in #AI-as-a-service 🚨

    Dive into Crying Out Cloud's latest episode, featuring a very special guest, Shir Tamari, head of the research team at Wiz. This episode sheds light on the security challenges that come with the rapid integration of AI technologies.

    Highlights include:
    🚀 Exploring the rapid integration of AI and its associated security risks, identified by Wiz Research in collaboration with Hugging Face.
    🛡️ Exposing two significant security flaws within Hugging Face's systems: shared inference and CI/CD systems, which could potentially offer unauthorized access to sensitive data.
    📢 Highlighting the critical need for robust security frameworks in AI services.
    ✅ Demonstrating Hugging Face's dedication to security through the adoption of Wiz CSPM, continuous vulnerability assessments, and annual penetration tests, thereby establishing a high standard in AI safety.

  42. 19

    CROC News - XZ Utils backdoor explained

    The backdoor in XZ Utils is shaking the industry 🔔 How could we not talk about it?

    Tune in to the special unscheduled episode of Crying Out Cloud with Eden Naftali and Amitai Cohen as they delve into the stealthy supply chain attack!

    In this episode:
    🔍 The Alert from CISA regarding CVE-2024-3094, a vulnerability in XZ Utils Data Compression Library versions 5.6.0 and 5.6.1
    🛑 The potential risks posed by the embedded malicious code and the unauthorized access it may grant to affected systems
    🛡️ Security Team Action Plans

    Tune in now!

  43. 18

    CROC News: Malicious Repos, Bandwidth Theft, & NVD or NoVD?

    🎙️ What is a better way to stay updated on cloud security than a NEW Crying Out Cloud episode!

    Join Eden Naftali and Amitai Cohen as they explore what is new and 🔥:
    👾 Open-source repos flooded by malicious code.
    💻 What is to become of the National Vulnerability Database?
    ⛓️ Proof of bandwidth cryptojacking
    🛠️ Critical vulnerabilities discovered in popular CI/CD tool

    Links:
    https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
    https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/
    https://research.openanalysis.net/github/lua/2024/03/03/lua-malware.html
    https://resilientcyber.substack.com/p/death-knell-of-the-nvd
    https://sysdig.com/blog/cloud-threats-deploying-crypto-cdn/

  44. 17

    CROC Talks: Bug Bounty Hunting & Pen Testing with Sam Curry

    The NEW exclusive interview with hacker extraordinaire Sam Curry on Crying Out Cloud is out!

    Join Eden Naftali and Amitai Cohen as they explore the role of a Bug-Bounty Hunter with Sam Curry:
    🔑 Learn about Sam's journey into security research
    🛠️ Favorite tools and underrated platforms
    🤖 The trustworthiness implications of AI-driven technologies in transportation.
    🔒 Vulnerabilities within a major tech company's infrastructure. The tradeoff between scanning gigantic IP ranges and selecting the best research targets.

    Important links:
    https://samcurry.net/web-hackers-vs-the-auto-industry/
    https://samcurry.net/hacking-apple/
    https://samcurry.net/points-com/

  45. 16

    CROC News: Automotive Code Leak & Midnight Blizzard's Heist

    Loading from the Cloud... Season 2 of "CRYING OUT CLOUD" is here! Join our hosts, Eden and Amitai, as they dive into the latest cloud stories that we can't wait to share with you.

    Here's a sneak peek into the season's opening:
    🚗 Mercedes-Benz Source Code Exposure: A public GitHub Repo was exposed - allowing unauthorized access to the company's internal servers, including AWS and Azure subscriptions. The credentials remained publicly accessible for 3-4 months. 😱
    🌨️ Midnight Blizzard Hits Microsoft: Russian actors (Midnight Blizzard) got into Microsoft's network and stole employee emails, finding a misconfigured account with a weak password. Among other things, they tried to find out what Microsoft knew about their activity.
    🔐 Ivanti Vulnerabilities: Ivanti's VPN products exposed vulnerabilities, allowing remote code execution and authentication bypass, exploited by a Chinese Threat Actor.

  46. 15

    #15 - Yinon Costica on AI risks, the importance of positivity and his new year's resolutions

    🛡️ Join Eden Naftali & Amitai Cohen's exclusive interview with Yinon Costica, as he brings unparalleled expertise to the table. From his beginnings in Israel's 8200 intelligence unit, through Adallom, which was acquired by Microsoft, to co-founding Wiz

  47. 14

    #14 - On Executive Orders And AI (Special Guest - Chris Hughes)

    🎙️ NEW SPECIAL PODCAST EPISODE WITH CHRIS HUGHES! 🎙️

    Here's a sneak peek into our chat:
    🛡️ Join Chris, Amitai, and Eden as they unveil intriguing security nuances between public and private sectors. Gain exclusive insights into FedRAMP, straight from Chris's expertise, and his take on the implications of President Biden's AI order for the cybersecurity landscape.
    🌐 How exactly does SBOM adoption act as a shield against supply chain breaches? What other strategies can fortify against such attacks?
    🔍 Delve into the post-COVID startup world. Chris touches on the intricacies of the challenges faced, offering a glimpse into how these innovative ventures navigate a changed landscape.

    Tune in for a captivating talk below!

  48. 13

    #13 - Leaky CLIs, glitchy CPUs and risky HARs

    🎙️ NEW PODCAST EPISODE ALERT! Eden and Amitai are back with another wild ride through the cloudy skies on "Crying Out Cloud"!

    Here's the scoop for today's adventure:
    01:36 - Okta Support System Compromise: 🕵️‍♂️ We unravel the mystery surrounding an unknown threat actor's access to Okta's customer support system. What's an HAR file, and why should you care?
    06:30 - Azure CLI Credential Leak (CVE-2023-36052): 💻 Get the lowdown on Microsoft's Azure CLI vulnerability and how this leak happened, why defaults matter, and what the patch means for your Azure CLI setup.
    13:17 - Reptar and Cachewarp CPU Vulnerabilities: 💡 CPU vulnerabilities are a trend we can't ignore! Discover why Reptar and Cachewarp CPU vulnerabilities might sound daunting but aren't necessarily the cloud apocalypse. Plus, the juicy details on who's patched and who's snoozing on this issue.

    Links:
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36052
    https://cloud.google.com/blog/products/identity-security/google-researchers-discover-reptar-a-new-cpu-vulnerability
    https://lock.cmpxchg8b.com/reptar.html
    https://cachewarpattack.com/
    https://sec.okta.com/harfiles

  49. 12

    #12 - Chomping at the Bits with Chompie

    In our new Crying Out Cloud podcast episode, we're joined by the LEGENDARY Valentina Palmiotti, the one and only Chompie 🚀

    ✨ In this episode, you'll find:
    1. The surprising story behind her hacker alias - "Chompie" 🕵️‍♀️
    2. Valentina's insights from her Blackhat presentation, where she challenges security boundaries with kernel post-exploitation techniques 🤯
    3. A peek into her day-to-day at IBM X-Force, from research to code auditing and vulnerability analysis 💼

    And more!

  50. 11

    #11 - From SAS token to AI data exposure (with special guest - Hillai Ben-Sasson)

    More info here: https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers

HOSTED BY

Wiz
