Executive Summary CrackArmor is a group of vulnerabilities affecting the Linux kernel AppArmor security module that allow local attackers to interfere with how AppArmor security profiles are managed and enforced. By abusing weaknesses in policy management and kernel profile parsing logic, an attacker with limited system access may weaken AppArmor protections or escalate privileges to […]

Cloud Security has changed Teams are moving faster, architectures are getting more dynamic, and the old way of securing cloud environments with disconnected tools and static findings is no longer enough. Security leaders need more than posture snapshots. They need real-time context, runtime intelligence, and the ability to focus on what is actually exploitable. That […]

As cloud environments expand, so does the volume of sensitive data stored within them. For security teams, it is no longer enough to know whether a bucket is public or a workload is vulnerable. They also need visibility into a more fundamental question: what sensitive data exists across their cloud assets, and how does its […]

Cloud security teams are being asked to do more than ever. They need to prove compliance against growing regulatory demands, reduce configuration risk, and keep cloud environments lean, secure, and aligned with how they were actually designed to operate. That is why we are excited to introduce several new frameworks now available in Upwind’s Configurations […]

When something changes in your cloud security platform, the first question is almost always the same: What happened and who did it? Upwind Audit Logs gives security and platform teams a centralized, searchable record of user-driven actions across the Upwind platform, including activity performed through the UI or Public API. The result is clearer accountability, […]

Cloud teams are moving fast on Azure PaaS to reduce operational overhead—serverless containers with Azure Container Apps and managed web apps with Azure App Services. But that speed often comes with a tradeoff: security visibility and detection can lag behind because you don’t have the same host access or deployment patterns you’d expect in Kubernetes […]

Personalize your view—without compromising RBAC, ownership, or auditability. We’re excited to share that Custom Dashboards are now available to all customers. This is an important step in Upwind’s Enterprise readiness, giving teams the ability to tailor how they consume insights based on role, responsibility, and priority—turning existing widgets into personalized, actionable dashboards. Overview Upwind’s Custom […]

Executive Summary In February 2026, an autonomous bot named hackerbot-claw exploited insecure GitHub Actions configurations across multiple high-profile repositories. The campaign abused unsafe pull_request_target triggers, unsanitized inputs, dynamic shell execution, and overprivileged GITHUB_TOKEN permissions to achieve remote code execution (RCE) in GitHub-hosted runners. Across at least six repositories, the bot successfully executed arbitrary commands, and […]

The Problem Nobody Wants to Admit  More data doesn’t automatically mean better security. It often means more homework. Anyone who has sat in a security engineering seat knows the drill: map private to public IPs, line up container IDs with hosts, connect GUIDs to service accounts, and reconcile correlation IDs across distributed apps. Each source […]

Upwind is now live inside AWS Security Hub Console. I’m incredibly excited to announce one of the biggest milestones in our company’s journey.  This tells us we’re on the right path to being the best cloud security company in the world. There isn’t any better validation.  Starting today, Upwind is one of roughly ten companies […]