In 2025 the boundaries between cloud, AI and software supply chains continued to blur, and the year's security incidents clearly show how cyber threats evolve alongside AI, cloud platforms and modern development environments. Wiz Research analyzed how attackers adapted their techniques to these shifting conditions and revealed several significant vulnerabilities during the year that put millions of users at risk.
A new review reveals a clear pattern: the most critical vulnerabilities clustered around three main areas—exposed AI systems, attacks on software supply chains, and weaknesses in core cloud infrastructure.
The discovery of an exposed DeepSeek database drew wide attention and marked the start of a year shaped by rapid advances in large language models and developer AI tools.
At the same time, critical vulnerabilities increasingly propagated through common software components, highlighting persistent hidden risks in foundational libraries and services used across modern cloud platforms.
Cloud-based software supply chains became a new frontline for cyberattacks. Malicious campaigns were crafted to spread via CI/CD systems, package registries and pipelines. In many cases attackers capitalized on the widespread use of npm and GitHub.
New techniques pave the way for attacks in 2026
The wave of new AI technologies led to misconfigurations, leaked tokens and pipeline weaknesses—flaws attackers continue to exploit into 2026. This year, malicious campaigns are likely to target IDE extensions used by developers as well as AI artifacts such as models and MCP servers.

“At the end of January we saw Moltbook, a platform built for AI agents, erupt in usage. Days later, Wiz Research disclosed extensive security flaws that exposed 35,000 email addresses and showed how many of the interactions behind AI agents were human-driven. This highlights two key points: rapid AI innovation creates new attack surfaces, and security must evolve at the same pace to address this reality,” says Jesper Rellme, Manager Solutions Engineering at Wiz.
Five of the most notable vulnerabilities from 2025

Wiz Research reveals exposed DeepSeek ClickHouse database
Wiz Research found a publicly accessible ClickHouse database owned by DeepSeek that allowed full control over database operations and access to internal data. The exposure included over a million rows of log streams with chat histories, secret keys, backend details and other highly sensitive information.

Shai-Hulud 2.0 supply chain attack
A second Shai-Hulud-related npm supply chain campaign compromised widely used packages and was detected in about 27 percent of the cloud and code environments scanned by Wiz. The blast radius was massive and expanded rapidly due to automated replication: over 25,000 malicious repositories across roughly 500 GitHub users, growing at about 1,000 new repos every 30 minutes.

React2Shell (CVE-2025-55182)
A critical vulnerability was found in the React Server Components (RSC) “Flight” protocol affecting the React 19 ecosystem and frameworks that implement it, notably Next.js. Assigned CVE-2025-55182, the flaw enabled unauthenticated remote code execution (RCE) on the server via unsafe deserialization. Wiz Research data showed that 39 percent of cloud environments contained vulnerable instances.

IngressNightmare
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974—an array of unauthenticated RCE vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively named #IngressNightmare. Exploiting these flaws could expose all secrets stored across namespaces in a Kubernetes cluster and potentially allow full cluster takeover.

Shai-Hulud initial campaign
The first Shai-Hulud supply chain attack occurred when tampered versions of several popular npm packages were published. These included a postinstall script that collected sensitive data and exfiltrated it to public GitHub repositories created by the attackers under the Shai-Hulud name. Beyond data theft, the malicious code behaved like a worm: when a compromised package encountered additional npm tokens in its environment, it automatically published manipulated versions of any packages it could access, enabling rapid spread across the npm ecosystem.
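
As an added example (not code from Wiz Research or npm), this JavaScript sketch shows one way a defender can audit for the install-time hooks described above. It lists lockfile entries that npm marks with hasInstallScript and that are not on an allowlist, and it extracts the preinstall/install/postinstall commands from a manifest. The lockfile, manifest, package names and allowlist are constructed sample data.

```javascript
// Constructed sample in package-lock.json v3 shape; all package names are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/native-addon-x": { version: "2.1.0", hasInstallScript: true },
    "node_modules/left-util": { version: "0.3.1" },
    "node_modules/@scope/color-helper": { version: "4.0.2", hasInstallScript: true },
    "node_modules/left-util/node_modules/tiny-dep": { version: "1.0.0", hasInstallScript: true }
  }
};

// Constructed manifest of one flagged dependency.
const sampleManifest = {
  name: "@scope/color-helper",
  scripts: { test: "node test.js", postinstall: "node setup.js" }
};

// Hooks that npm runs automatically while installing a dependency.
const LIFECYCLE = ["preinstall", "install", "postinstall"];

// Lockfile keys are paths; the package name follows the last "node_modules/".
function nameFromLockPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

// Return every dependency (direct or nested) that runs an install script
// and is not explicitly allowed to, sorted by name for stable review output.
function findInstallScripts(lock, allowlist = []) {
  const allowed = new Set(allowlist);
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || !entry.hasInstallScript) continue; // skip the root project
    const name = nameFromLockPath(path);
    if (!allowed.has(name)) findings.push({ name, version: entry.version, path });
  }
  return findings.sort((a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));
}

// Return the install-time hooks a package manifest declares, with their commands.
function lifecycleScripts(manifest) {
  const scripts = manifest.scripts || {};
  return LIFECYCLE.filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({ hook, command: scripts[hook] }));
}
```

Installing with npm's --ignore-scripts option keeps these hooks from running at all; the allowlist then records which packages are known to need them.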
From supply chain attacks to AI-driven risks and vulnerabilities in core infrastructure, one theme recurs: complexity yields opportunities for attackers. As new technologies reshape the landscape in 2026, Wiz Research continues to share insights that help teams identify where risks accumulate and how to respond effectively.
The full list is available from Wiz Research.