From Compromise to Detection: Uncovering Azure Attacks with Upwind
In the past decade, the cloud revolution evolved into a major movement – one that introduced a new and complex attack surface. Attackers are increasingly targeting public cloud environments, leveraging misconfigurations and native cloud features to gain initial access, establish persistence, and achieve their malicious objectives. In this article, we dive into attack vectors in […]
Upwind Enables More Secure, Resilient Cloud Environments with New End of Life and End of Support Visibility
Today, we’re excited to announce the general availability of Upwind’s new End of Life (EOL) and End of Support (EOS) Visibility, now accessible to all customers and POCs. This feature brings clarity to lifecycle risk across cloud environments and represents a meaningful advancement in strengthening operational resilience. Importantly, this capability was shaped directly by customer […]
Upwind Enables Effortless Shift-Left Security for Every Merge Request
Today, we’re excited to introduce GitLab Automated Repository Scanning, a major upgrade to Upwind’s Shift-Left security capabilities that brings automatic, real-time scanning directly into the GitLab merge request workflows. With this new capability, every merge request across all your GitLab repositories is scanned the moment it’s opened, without requiring developers to modify CI/CD pipelines or […]
AI Vulnerabilities vs. Traditional Vulnerabilities: How the AI Attack Surface Changes Security
Artificial intelligence is rapidly becoming embedded in core engineering workflows. Organizations are integrating LLMs into customer-facing applications, code generation pipelines, triage automation, and even parts of their CI/CD and cloud-management ecosystems. But the moment AI crossed into production, a new reality emerged: AI vulnerabilities behave fundamentally differently from traditional software vulnerabilities. They don’t follow the […]
CVE-2025-8110: Unpatched Gogs RCE Vulnerability Actively Exploited in the Wild
Executive Summary: CVE-2025-8110 is an actively exploited, unpatched Remote Code Execution (RCE) vulnerability affecting all Gogs versions ≤ 0.13.3. The flaw allows authenticated users to bypass path-traversal protections through a symlink-based file-write bypass, enabling arbitrary file overwrite on the host server and ultimately full system compromise. With no official patch available and exploitation occurring in […]
Upwind Prioritizes Vulnerabilities Based on Real-World Exploit Likelihood with EPSS Scoring
We’re excited to share that EPSS (Exploit Prediction Scoring System) scoring is now available in Upwind’s Vulnerability Management module. This brings data-driven exploit likelihood insights directly into your vulnerability workflows, helping teams prioritize remediation based on real-world risk rather than theoretical severity alone. What Is EPSS? Security teams face thousands of vulnerabilities each week. The […]
Upwind Makes Waves at AWS re:Invent 2025
AWS re:Invent 2025 marked a major milestone for Upwind. Throughout the week, we introduced significant platform innovations, expanded our leadership in runtime-first cloud security, and met thousands of builders, security engineers, and executives invested in securing the future of cloud and AI infrastructure. Below is a full recap of every announcement, event, and moment from […]
CVE-2025-66570 in cpp-httplib – Critical Header Shadowing Vulnerability Explained
A critical vulnerability (CVE-2025-66570, GHSA-xm2j-vfr9-mg9m) has been identified in cpp-httplib, a popular single-header C++ HTTP/HTTPS library used in many lightweight services, internal tools, and embedded applications. Prior to version 0.27.0, cpp-httplib incorrectly accepts and processes certain reserved header names directly from client requests, including: REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT. Because these values are parsed before httplib injects the server’s […]
Apache Tika XXE Vulnerability (CVE-2025-66516) – Critical PDF Parsing Exploit
A severe flaw has been discovered in Apache Tika, the widely adopted framework for document parsing and content extraction. Tracked as CVE-2025-66516 with a CVSS score of 10.0, the issue enables XML External Entity (XXE) attacks through specially crafted PDF files. This new advisory replaces CVE-2025-54988. Although the earlier notice pointed to the PDF parser […]
Introducing The Upwind Tracer for AWS Lambda Functions: Deep Runtime Security for Serverless Workloads
Today, we’re excited to announce the private preview release of The Upwind Tracer for AWS Lambda Functions, bringing serverless-native runtime security and observability to your Lambda workloads. As teams continue to adopt and evaluate AWS Lambda for event-driven application architectures, it remains important to verify that its benefits – such as automatic scaling, minimal infrastructure […]