wiz - TrustStrike Labs

threat

2026-05-07

New 'PCPJack' worm hunts down and removes competing malware before stealing cloud credentials - exploits five different vulnerabilities to spread

BleepingComputer and The Hacker News disclosed a new credential-stealing worm called PCPJack that hunts and removes the well-established TeamPCP malware family before installing itself - the first observed case of one cybercrime operation systematically displacing another at scale. PCPJack exploits five separate vulnerabilities to spread worm-like across cloud and Linux environments, then steals SSH keys, AWS credentials, GitHub tokens, and other secrets. Operators replace TeamPCP files in place rather than just disabling them, suggesting an attempt to inherit TeamPCP's existing victim base. The pattern signals a maturing cybercrime market.

pcpjack teampcp worm credential-stealer cloud-secrets linux aws github-tokens ssh-keys wiz datadog cybercrime-competition five-cves

Check: Search EDR and cloud logs for sudden disappearance of TeamPCP indicators on hosts that previously had them - that is the likely PCPJack handover signature. Hunt for outbound credential-theft traffic patterns matching the five CVEs PCPJack exploits.
Affected: Linux servers, cloud workloads (AWS, GCP, Azure), and CI/CD runners that previously had TeamPCP cryptominer infections. Any host running unpatched versions of the five CVEs PCPJack exploits is in scope. Cloud accounts where SSH keys, IAM access keys, or GitHub tokens are stored on compromised workloads face credential-theft escalation.
Fix: Patch all five CVEs PCPJack exploits per the Wiz and Datadog IoC publications. Rotate cloud credentials, SSH keys, and GitHub tokens on any host that may have had TeamPCP - do not assume TeamPCP cleanup means safety. Block PCPJack C2 domains at egress. Shift to short-lived IAM credentials via OIDC and remove static keys from VMs entirely.

threat

2026-05-04

Attackers are using stolen Amazon keys to send convincing phishing emails directly from Amazon's email service - bypassing every spam filter

Kaspersky reported a sharp rise in phishing campaigns sent through Amazon's Simple Email Service (SES). Because the emails come from Amazon's own infrastructure, they pass SPF, DKIM, and DMARC checks that normally catch fake-brand emails - and reputation-based blocks don't trigger because Amazon's mail servers have legitimate reputation. The pattern starts with attackers harvesting AWS access keys leaked in public GitHub repos, .env files, Docker images, and S3 buckets, then using those keys to send phishing through SES from the victim's own AWS account. Wiz documented similar abuse in 2025 with attackers escalating from sandbox mode (200 emails/day) to production mode (50,000+/day) by issuing PutAccountDetails across all AWS regions in 10 seconds.

amazon-ses aws-keys leaked-credentials kaspersky wiz spf-dkim-dmarc-bypass reputation-abuse trufflehog cloud-abuse

Check: Open the SES console in every AWS region (not just your home region) and check sending statistics for unexpected volume. Search CloudTrail for ses:PutAccountDetails calls from unfamiliar IPs.
Affected: Any AWS account where IAM access keys could be exposed - public GitHub repos, .env files committed by mistake, Docker images that bundled credentials, or developer workstations. AWS accounts where SES has never been used legitimately are at acute risk because there's no baseline. Verified domain owners face inbox-reputation damage even if no breach happened on their systems.
Fix: Apply Service Control Policies that block ses:* actions in regions and accounts where SES isn't legitimately used. Replace static AWS access keys with IAM roles using short-lived credentials. Run TruffleHog or git-secrets across your repos to find leaked keys. Rotate any IAM keys older than 90 days. Configure CloudTrail alerts on SES API calls from unfamiliar IPs.

threat

2026-04-30

Anthropic launches 'Claude Security' for enterprises - the first major defensive product designed to keep up with AI-powered exploits that compress the time-to-attack to minutes

Anthropic launched Claude Security in public beta yesterday, an enterprise tool that scans code repositories for vulnerabilities, rates each finding's severity and confidence, and generates patch instructions that engineers can apply through Claude Code. The launch is direct response to Mythos and similar AI-driven offensive tools that have been compressing the time between vulnerability disclosure and active exploitation - LiteLLM was exploited 36 hours after disclosure last week, LMDeploy in 13 hours the week before. CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, Trend, and Wiz are integrating Claude Opus 4.7 into their platforms.

anthropic claude-security claude-opus-4-7 mythos ai-defense time-to-exploit enterprise crowdstrike microsoft palo-alto sentinelone wiz

Check: If your organization holds a Claude Enterprise subscription, evaluate Claude Security against your existing static analysis tools this week.
Affected: Claude Enterprise customers can access Claude Security in public beta now via claude.ai/security or the Claude.ai sidebar. No API integration required. Team and Max access is coming soon. The deeper relevance is for any security team facing the new exploitation cadence: AI-driven offense has shrunk the patch window for several recent disclosures.
Fix: Pilot Claude Security on a non-critical repository first - point it at a side project before pointing it at production code. Scheduled scans give ongoing coverage rather than one-off audits. Pair the output with Claude Code on the Web to work through patches in a single session. For organizations not on Claude Enterprise: evaluate Aisle, Wiz Code, or GitHub Copilot Autofix on confidence rating and false positive rate.

vulnerability

CVE-2026-3854

2026-04-29

GitHub patched a flaw in March that let any developer take over millions of repos with a single 'git push' - 88% of self-hosted GitHub Enterprise Servers still haven't installed the fix (CVE-2026-3854)

Update on the GitHub flaw covered yesterday: Wiz, who found the bug, published its full disclosure showing 88% of self-hosted GitHub Enterprise Servers were still unpatched at public disclosure on April 28. The bug let any user with push access to one repository run code on the GitHub server itself with a single 'git push'. On GitHub.com, the same bug exposed millions of public and private repositories belonging to other users sharing the same storage node. GitHub.com was patched within 75 minutes, but Enterprise Server installs need patching manually. Wiz found the bug using AI-augmented reverse engineering on closed-source GitHub binaries.

github ghes enterprise-server rce x-stat wiz ai-reverse-engineering 88-percent-unpatched followup

Check: If you run a self-hosted GitHub Enterprise Server, check today whether you're on a patched version and upgrade if not.
Affected: Self-hosted GitHub Enterprise Server instances on versions before the March 2026 patches. CVSS 8.7. Wiz data shows 88% of GHES instances were unpatched at disclosure. The bug needs push access to any repository, including one the attacker creates themselves. GitHub.com and Enterprise Cloud variants are already patched.
Fix: Upgrade to GHES 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7, 3.19.4, 3.20.0, or later. Audit /var/log/github-audit.log for push operations with semicolons or unusual special characters in push option values - that's the exploit signature. Until patched, restrict push access and remove unnecessary repository creators.