Supply Chain Remote Code Execution in python-json-logger CVE-2025-27607

A red and pink background with concentric circles features a white bug icon in the center. Text below reads: python-json-logger Supply Chain Remote Code Execution Vulnerability (CVE-2025-27607). Upwind logo is at the top right.

A critical Remote Code Execution (RCE) vulnerability was recently discovered in python-json-logger, a widely used Python package for structured logging. This flaw, affecting versions 3.2.0 and 3.2.1, arises due to a missing dependency: msgspec-python313-pre. The package was deleted from PyPI, leaving its name unclaimed. This vulnerability highlights a recurring yet dangerous issue in software supply […]

Gain Full Visibility into Google Cloud Traffic with Upwind’s Destination Domain Awareness

A central Google Cloud icon is connected to eight blue icons, each representing different categories, with the Upwind logo in the top-left corner. The icons are linked by lines radiating from the center.

Upwind provides deep runtime visibility into resource communication and behavior, including destination domain awareness. This is crucial for identifying potential threats, preventing data exfiltration, and ensuring compliance with security policies. The Upwind platform allows you to easily view the specific destination domains that Google Cloud resources communicate with, providing even deeper context for risk assessments […]

Proactively Protect Against DeepSeek and OpenAI Security Concerns with Upwind

Blue and white digital graphic with a central circle featuring a whale icon. Multiple white arrows point toward the circle from all directions. The word Upwind is in the top-left corner. Background features concentric circles.

We are excited to announce a new advance in our AI security capabilities, which empowers organizations to detect and mitigate risks associated with AI platforms like DeepSeek and OpenAI. This new functionality continuously monitors traffic to these AI platforms, identifying potential data exposure and alerting you to unexpected AI-related activity. This ensures that your sensitive […]

Easily Prioritize Vulnerabilities Based on Real Environmental Risks with Upwind

Flowchart with a central icon and surrounding elements: trophy, bug, database, microchip, brackets, fingerprint, lock, and star. Lines connect each icon to the center, illustrating interconnectedness. Upwind logo in the top left corner.

We are excited to announce a significant enhancement to Upwind’s vulnerability management capabilities – prioritization of vulnerabilities based on highly privileged identities and sensitive data context. Upwind has always deeply prioritized vulnerabilities based on real-world context, correlating them with CI/CD and DevOps context to provide end-to-end visibility and protection.  With this latest enhancement, Upwind now also […]

Proactively Secure Google Cloud Workloads with Upwind’s GKE Autopilot Integration

Flowchart showing interconnected blue nodes with document icons linked by colored lines. Central node connected to a white rectangle with the text upwind + followed by a blue cube logo. Lines are colored blue, green, and orange.

We are excited to announce that Upwind is now an official Google Kubernetes Engine (GKE) Autopilot partner, enabling users to seamlessly deploy Upwind and proactively secure Google Cloud workloads. Many GKE Autopilot users struggle with securing their workloads due to limited control over infrastructure and security configurations. Upwind’s integration ensures a seamless, built-in security solution […]

Automatically Visualize Sensitive Data Flows in Upwind’s Topology Map

Diagram showing data flow between components labeled onlineboutique, cert-manager, and monitoring with arrows. Icons represent sensitive data, critical vulnerabilities, and detections. A legend on the left categorizes these elements. Logo: upwind.

We are excited to announce a powerful new functionality in the Upwind platform that enhances security and compliance by automatically visualizing sensitive data flow data in the Upwind Topology Map. This feature helps organizations quickly identify and mitigate risks by providing clear insights into how sensitive data moves across their cloud environment. How Upwind Classifies […]

Easily Visualize S3 Bucket Communication on the Upwind Topology Map

Pattern of outlined buckets with center one in green, surrounded by lighter outlines. Upwind logo in top left corner.

We are excited to announce a powerful new capability in the Upwind platform – enhancing security and operational efficiency by allowing you to easily visualize specific S3 buckets that resources are communicating with in the Upwind Topology Map.  Upwind previously provided the ability to discover the specific S3 buckets that your assets are communicating with, […]

Visualize End-to-End Google Cloud Cross-Account Traffic with Upwind 

Icon set with cloud symbols in red, blue, green, and yellow circles connected by lines in a curved layout. upwind is written in the top left corner.

We are excited to introduce a major enhancement to the Upwind platform – comprehensive end-to-end traffic visibility across accounts and clusters in Google Cloud. For organizations that build cloud infrastructure hosted in Google Cloud, viewing cross-account and cross-cluster traffic can be a major challenge. Upwind’s latest release solves this problem, offering end-to-end visibility of resource […]

OpenSSH Vulnerabilities CVE-2025-26465 and CVE-2025-26466 Enable Man-in-the-Middle and DoS Attacks

A pink and red gradient graphic with a target symbol at the center. Text reads: OpenSSH Vulnerabilities Enable Man-in-the-Middle and DoS Attacks (CVE-2025-26465 & CVE-2025-26466). The upwind logo is in the top right corner.

On February 18, 2025, two critical vulnerabilities were disclosed in OpenSSH, a widely used secure networking utility suite. These flaws, identified as CVE-2025-26465 and CVE-2025-26466, pose significant security risks: Discovery and Response The vulnerabilities were uncovered by the Qualys Threat Research Unit (TRU). They affect OpenSSH client versions 6.8p1 through 9.9p1 and 9.5p1 through 9.9p1, […]

Easily Prioritize Cloud Misconfigurations with Upwind

A colorful flowchart with interconnected circles featuring icons, including a lock, globe, fingerprint, and gears. The chart branches into various paths, visually representing a complex data or process structure.

We are excited to introduce a new capability in the Upwind platform, automatically prioritizing cloud posture findings by severity based on real environmental variables: Under our Secure Configurations module. This is the first of many CSPM features coming from Upwind in the coming weeks, and it offers a powerful enhancement to posture management that automatically […]