RSS for Slack
Image showing six logos in circular frames on a wavy blue and white background. Logos include a whale, a geometric shape, a cat silhouette, a circuit design, a star-like shape, and a four-pointed structure. Upwind text is in the top left corner.
Product

Proactive Protect GenAI Workloads with Upwind GenAI Security

We are thrilled to announce a major breakthrough in AI security with the release of Upwind GenAI Security.​ AI is transforming industries at an unprecedented pace, but without the right security measures, it becomes an ungoverned risk. Organizations need purpose-built protections that evolve with the complexity of AI workloads. This is a first-of-its-kind solution that […]

Geometric pattern of light blue arrows pointing right with one dark blue arrow pointing left in the center. The word upwind is in black at the top left corner. The background is white.
Product

Enhancing CI/CD Pipeline Security with Upwind

In today’s fast-paced DevOps world, security can no longer be an afterthought. Shift Left Security aims to integrate security checks earlier in the software development lifecycle, ensuring vulnerabilities are detected and remediated before they reach production. In this article, we explore how Upwind Shift Left seamlessly integrates into a GitHub Actions CI/CD pipeline, automating image […]

Hexagonal icon with an N inside on a pink gradient background with angular lines. Text: IngressNightmare: Admission Webhook Flaw Leading to Remote Code Execution (CVE-2025-1974).
Research

IngressNightmare: How New ingress-nginx Vulnerabilities Threaten Kubernetes Clusters

Kubernetes administrators take note: a critical set of vulnerabilities in the popular ingress-nginx controller—collectively dubbed “IngressNightmare”—could put your entire cluster at risk. In particular, CVE-2025-1974, with a CVSS score of 9.8, allows attackers to take over Kubernetes clusters simply by exploiting the Validating Admission Controller feature. Because ingress-nginx runs in roughly 40% of Kubernetes deployments, […]

A pink background with concentric circles and a white bug icon in the center. Text reads, Next.js Middleware Authentication Bypass Vulnerability (CVE-2025-29927). Upwind logo in the top right corner.
Research

Next.js Middleware Authentication Bypass Vulnerability (CVE-2025-29927)

Next.js middleware plays a key role in securing applications by enforcing authentication, managing access control, and applying security headers. However, a newly discovered vulnerability, CVE-2025-29927, allows attackers to bypass these protections entirely using a manipulated HTTP header. Affected Versions This flaw affects the following versions: The Core Issue Next.js prevents infinite middleware loops by tracking […]

Pink, yellow, and red circles with shield and gear icons are scattered across a white background. The word upwind is in the top left corner. One central red circle is prominently highlighted.
Product

Streamline Cloud Threat Detection and Response with Upwind’s Major Threats Module Enhancements

Cloud security teams are drowning in alerts, struggling to prioritize real threats among endless notifications. To help security professionals cut through the noise, we are thrilled to announce major enhancements to our Threats Module, further empowering security professionals to understand deep context for every threat detection, identify emerging threat actors, and respond to threats faster.  […]

Flowchart showing a central purple cube connected by lines to various circular icons representing different technology tools and platforms, including Earth globes, cloud storage, and development frameworks. The upwind logo is at the top left.
Product

Why a Next-Generation CSPM Needs Runtime

In today’s rapidly evolving cloud environments, maintaining a robust security posture is more critical than ever. Traditional Cloud Security Posture Management (CSPM) solutions have played a pivotal role in identifying misconfigurations and policy violations within cloud infrastructures. However, as cloud architectures become increasingly dynamic, the sheer volume of misconfiguration findings can present an insurmountable challenge […]

Gradient background with soft orange, pink, and purple hues. The image features two logos: upwind on the left with a multicolored bar over the u, and splunk> on the right with a vertical line separating them.
Product

Seamlessly Export Upwind Findings to Your SIEM with Upwind’s Splunk Integration

We are excited to announce a new addition to Upwind’s built-in integrations, seamlessly connecting Upwind and Splunk. This new integration makes it easier than ever to export Upwind’s runtime-powered findings to your SIEM. What is Splunk? Splunk is a security information and event management (SIEM) platform designed to search, monitor, and analyze machine-generated data from […]

A pink graphic with a white bug icon in the center, symbolizing a vulnerability. Text reads: Apache Tomcat Vulnerability (CVE-2025-24813) Exposes Servers to RCE Risks. Upwind logo is in the top right corner.
Research

Apache Tomcat Vulnerability (CVE-2025-24813) Exposes Servers to RCE Risks

A critical security vulnerability, identified as CVE-2025-24813, has been discovered in Apache Tomcat, potentially exposing servers to remote code execution (RCE), information disclosure, and data corruption risks. This flaw affects the following versions:​ Understanding CVE-2025-24813 The vulnerability originates from improper handling of path equivalence when processing filenames that contain internal dots. Specifically, when Tomcat’s default […]

Warning icon with an exclamation mark on a pink background with concentric circles. Text below reads: GitHub Actions Supply Chain Compromise: tj-actions/changed-files Action.
Research

GitHub Actions Supply Chain Compromise: tj-actions/changed-files Action

We are actively responding to a significant security breach involving the widely used GitHub Action, tj-actions/changed-files. Current findings indicate that nearly all tagged versions of tj-actions/changed-files have been compromised, resulting in direct access to running containers and virtual machines’ memory, allowing the extraction of sensitive secrets, information, and code. This is happening through the following command […]

Add the Upwind RSS Feed to Slack

Connect the Upwind RSS Feed to your Slack.
Follow the how-to here.