Upwind’s Head of Security Research Moshiko Hassan, MDR Lead Omer Idel, and Head of Marketing Denise Ashur discuss the GitHub Actions supply chain compromise, including how widespread it is and what users should do to mitigate.
Further Reading
IngressNightmare: How New ingress-nginx Vulnerabilities Threaten Kubernetes Clusters
Mar 25, 2025
Kubernetes administrators take note: a critical set of vulnerabilities in the popular ingress-nginx controller—collectively dubbed “IngressNightmare”—could put your entire cluster at risk. In particular, CVE-2025-1974, with a CVSS score of 9.8, allows attackers to take over Kubernetes clusters simply by exploiting the Validating Admission Controller feature. Because ingress-nginx runs in roughly 40% of Kubernetes deployments, […]
Next.js Middleware Authentication Bypass Vulnerability (CVE-2025-29927)
Mar 24, 2025
Next.js middleware plays a key role in securing applications by enforcing authentication, managing access control, and applying security headers. However, a newly discovered vulnerability, CVE-2025-29927, allows attackers to bypass these protections entirely using a manipulated HTTP header. Affected Versions This flaw affects the following versions: The Core Issue Next.js prevents infinite middleware loops by tracking […]
Apache Tomcat Vulnerability (CVE-2025-24813) Exposes Servers to RCE Risks
Mar 17, 2025
A critical security vulnerability, identified as CVE-2025-24813, has been discovered in Apache Tomcat, potentially exposing servers to remote code execution (RCE), information disclosure, and data corruption risks. This flaw affects the following versions: Understanding CVE-2025-24813 The vulnerability originates from improper handling of path equivalence when processing filenames that contain internal dots. Specifically, when Tomcat’s default […]