Back to all posts
RSS for Slack
Hexagonal icon with an N inside on a pink gradient background with angular lines. Text: IngressNightmare: Admission Webhook Flaw Leading to Remote Code Execution (CVE-2025-1974).
Research

IngressNightmare: How New ingress-nginx Vulnerabilities Threaten Kubernetes Clusters

Kubernetes administrators take note: a critical set of vulnerabilities in the popular ingress-nginx controller—collectively dubbed “IngressNightmare”—could put your entire cluster at risk. In particular, CVE-2025-1974, with a CVSS score of 9.8, allows attackers to take over Kubernetes clusters simply by exploiting the Validating Admission Controller feature. Because ingress-nginx runs in roughly 40% of Kubernetes deployments, […]

A pink background with concentric circles and a white bug icon in the center. Text reads, Next.js Middleware Authentication Bypass Vulnerability (CVE-2025-29927). Upwind logo in the top right corner.
Research

Next.js Middleware Authentication Bypass Vulnerability (CVE-2025-29927)

Next.js middleware plays a key role in securing applications by enforcing authentication, managing access control, and applying security headers. However, a newly discovered vulnerability, CVE-2025-29927, allows attackers to bypass these protections entirely using a manipulated HTTP header. Affected Versions This flaw affects the following versions: The Core Issue Next.js prevents infinite middleware loops by tracking […]

A pink graphic with a white bug icon in the center, symbolizing a vulnerability. Text reads: Apache Tomcat Vulnerability (CVE-2025-24813) Exposes Servers to RCE Risks. Upwind logo is in the top right corner.
Research

Apache Tomcat Vulnerability (CVE-2025-24813) Exposes Servers to RCE Risks

A critical security vulnerability, identified as CVE-2025-24813, has been discovered in Apache Tomcat, potentially exposing servers to remote code execution (RCE), information disclosure, and data corruption risks. This flaw affects the following versions:​ Understanding CVE-2025-24813 The vulnerability originates from improper handling of path equivalence when processing filenames that contain internal dots. Specifically, when Tomcat’s default […]

Warning icon with an exclamation mark on a pink background with concentric circles. Text below reads: GitHub Actions Supply Chain Compromise: tj-actions/changed-files Action.
Research

GitHub Actions Supply Chain Compromise: tj-actions/changed-files Action

We are actively responding to a significant security breach involving the widely used GitHub Action, tj-actions/changed-files. Current findings indicate that nearly all tagged versions of tj-actions/changed-files have been compromised, resulting in direct access to running containers and virtual machines’ memory, allowing the extraction of sensitive secrets, information, and code. This is happening through the following command […]

A red and pink background with concentric circles features a white bug icon in the center. Text below reads: python-json-logger Supply Chain Remote Code Execution Vulnerability (CVE-2025-27607). Upwind logo is at the top right.
Research

Supply Chain Remote Code Execution in python-json-logger CVE-2025-27607

A critical Remote Code Execution (RCE) vulnerability was recently discovered in python-json-logger, a widely used Python package for structured logging. This flaw, affecting versions 3.2.0 and 3.2.1, arises due to a missing dependency: msgspec-python313-pre. The package was deleted from PyPI, leaving its name unclaimed. This vulnerability highlights a recurring yet dangerous issue in software supply […]

A pink and red gradient graphic with a target symbol at the center. Text reads: OpenSSH Vulnerabilities Enable Man-in-the-Middle and DoS Attacks (CVE-2025-26465 & CVE-2025-26466). The upwind logo is in the top right corner.
Research

OpenSSH Vulnerabilities CVE-2025-26465 and CVE-2025-26466 Enable Man-in-the-Middle and DoS Attacks

On February 18, 2025, two critical vulnerabilities were disclosed in OpenSSH, a widely used secure networking utility suite. These flaws, identified as CVE-2025-26465 and CVE-2025-26466, pose significant security risks: Discovery and Response The vulnerabilities were uncovered by the Qualys Threat Research Unit (TRU). They affect OpenSSH client versions 6.8p1 through 9.9p1 and 9.5p1 through 9.9p1, […]

A red background with a white bug icon symbolizes a critical vulnerability. The text reads: Critical Vulnerability Impacting FortiOS and FortiProxy Systems (CVE-2024-55591) with Upwind logo in the top-right corner.
Research

New CVE-2024-5591 Zero-Day Exploitation of Fortinet Firewalls 

On January 14, 2025, Fortinet announced a critical vulnerability impacting its FortiOS and FortiProxy systems, CVE-2024-55591 is an authentication  bypass zero-day vulnerability that has been actively exploited since mid-November 2024, enabling attackers to hijack Fortinet firewalls and compromise enterprise networks. Successful exploitation grants remote attackers super-admin privileges via malicious requests to the Node.js websocket module. Discovery […]

Abstract pink and red circular design with a small shield icon containing a white virus symbol at the center. The image has a modern, minimalist style, accompanied by the text upwind in the top left corner.
Research

Introducing New Runtime Security Features for Modern Containerized Environments

At Upwind Security, we continuously enhance our security capabilities to address emerging threats and provide unparalleled runtime protection for containerized environments. In this update, we are excited to introduce new detection and prevention policies designed to secure workloads against sophisticated attacks.  Next-Generation Threat Detections Over the past several weeks we have added additional detection policies […]

A warning icon in a triangular shape is centered against a pink background. Text below reads: Zero-Day Exploitation of Ivanti Connect Secure VPN Devices (CVE-2025-0282 & CVE-2025-0283). The Upwind logo is in the top right corner.
Research

New Zero-Day Exploitation of Ivanti Connect Secure VPN Devices with CVE-2025-0282 and CVE-2025-0283

On January 8, 2025, Ivanti announced two critical vulnerabilities impacting its Connect Secure (ICS) VPN appliances: CVE-2025-0282 and CVE-2025-0283. Notably, CVE-2025-0282 has been actively exploited in the wild since mid-December 2024. This vulnerability, an unauthenticated stack-based buffer overflow, allows remote code execution without authentication, posing a serious risk of further network compromise. Discovery and Response […]

Add the Upwind RSS Feed to Slack

Connect the Upwind RSS Feed to your Slack.
Follow the how-to here.