The Supply Chain Strikes Again: Credential-Stealing Malware Hidden in node-ipc
Executive Summary On May 14, 2026, malicious versions of the widely used node-ipc npm package were published through a legitimate maintainer account, introducing a sophisticated credential-stealing payload into a package with approximately 3.35 million monthly downloads. The malicious payload was hidden inside the CommonJS bundle (node-ipc.cjs) and silently executed whenever applications loaded the package through […]
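The first question a team asks after a notice like this is whether the package is in its tree at all, and at which versions, including copies nested under other dependencies. The script below is an added example, not code from the Upwind write-up (which does not list affected versions), that walks an npm package-lock.json for every installed copy of a named package and flags copies whose version is on an advisory list or whose tarball resolved from somewhere other than the expected registry host. The lockfile contents, version strings, package names other than node-ipc, and the mirror host are constructed placeholders.

```javascript
// Added example, not part of the Upwind node-ipc write-up: audit an npm
// package-lock.json for every installed copy of a package named in an
// advisory, then flag copies whose version is on an advisory list or whose
// resolved tarball did not come from the expected registry host.
// The lockfile contents, version strings, other package names and host names
// used below are constructed placeholders, not real advisory data.

// Return every copy of `name` in the lock with its install path, version and
// resolved URL. Supports lockfileVersion 1 (nested "dependencies") and
// lockfileVersion 2/3 (flat "packages" keyed by node_modules path).
function findPackageInLock(lock, name) {
  const hits = [];
  const record = (path, meta) =>
    hits.push({ path, version: meta.version || null, resolved: meta.resolved || null });

  if (lock.packages) {
    // v2/v3: keys look like "node_modules/a/node_modules/@scope/b"; the
    // package name is everything after the last "node_modules/".
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // "" is the root project itself
      const pkgName = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
      if (pkgName === name) record(path, meta);
    }
    return hits;
  }

  // v1: each dependency may carry its own nested "dependencies" object.
  const walk = (deps, prefix) => {
    for (const [pkgName, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${pkgName}`;
      if (pkgName === name) record(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Annotate hits that need attention. `badVersions` is the advisory's list of
// malicious versions; `registryHost` is where tarballs are expected to come from.
function flagHits(hits, badVersions, registryHost = "registry.npmjs.org") {
  const bad = new Set(badVersions);
  const flagged = [];
  for (const hit of hits) {
    const reasons = [];
    if (bad.has(hit.version)) reasons.push("version listed in advisory");
    if (!hit.resolved) {
      reasons.push("no resolved URL recorded");
    } else {
      let host = null;
      try { host = new URL(hit.resolved).host; } catch (e) { /* unparseable URL */ }
      if (host !== registryHost) {
        reasons.push(`resolved from ${host || "unparseable URL"}, expected ${registryHost}`);
      }
    }
    if (reasons.length) flagged.push({ ...hit, reasons });
  }
  return flagged;
}

// Convenience wrapper for a lockfile on disk (CommonJS; call from a script).
function auditLockFile(file, name, badVersions, registryHost) {
  const fs = require("fs");
  const lock = JSON.parse(fs.readFileSync(file, "utf8"));
  return flagHits(findPackageInLock(lock, name), badVersions, registryHost);
}

// Constructed sample lock (lockfileVersion 3 shape). Three copies of the
// audited package are installed: one direct, two nested under other packages.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "node-ipc": "^1.2.0" } },
    "node_modules/node-ipc": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/node-ipc/-/node-ipc-1.2.3.tgz"
    },
    "node_modules/some-tool": { version: "1.0.0", dependencies: { "node-ipc": "^4.5.0" } },
    "node_modules/some-tool/node_modules/node-ipc": {
      version: "4.5.6",
      resolved: "https://registry.npmjs.org/node-ipc/-/node-ipc-4.5.6.tgz"
    },
    "node_modules/other-tool": { version: "2.0.0", dependencies: { "node-ipc": "1.2.3" } },
    "node_modules/other-tool/node_modules/node-ipc": {
      version: "1.2.3",
      resolved: "https://mirror.example.invalid/node-ipc-1.2.3.tgz"
    }
  }
};

// Placeholder advisory list: pretend 4.5.6 is the malicious release.
const SAMPLE_BAD_VERSIONS = ["4.5.6"];

// Stand-alone run: prints the two flagged copies (4.5.6 by version, the
// 1.2.3 copy under other-tool by unexpected host).
console.log(JSON.stringify(flagHits(findPackageInLock(SAMPLE_LOCK, "node-ipc"), SAMPLE_BAD_VERSIONS), null, 2));
```

Against a real project, call `auditLockFile("package-lock.json", "node-ipc", [...versions from the advisory])` once the affected versions are published. The host check matters on its own: a copy whose `resolved` URL points at a private mirror or a git URL is not covered by a registry-side takedown and needs to be inspected separately.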
Accelerate Cloud Investigation With Blue Agent
The AI threat landscape is moving faster on both sides. Attackers are using AI to scale campaigns, accelerate exploit development, and move faster from discovery to execution. Defenders need AI that helps them keep pace without adding noise or pulling teams away from the work that matters most. Prioritization helps teams focus on the risks […]
The AI Threat Landscape Demands a New Cloud Security Model
This week, the Shai-Hulud npm campaign showed how quickly a compromised package can move through the software supply chain, jumping across trusted dependencies and reaching build pipelines before many teams even knew what they were looking at. But this is not just an npm story, and it is not just a story about one campaign. […]
Move Faster From Cloud Risk to Remediation With Upwind Agentic Pack
Cloud security works best when teams can move from context to action in one place. Upwind already brings together runtime-powered security context across cloud infrastructure, applications, identities, workloads, APIs, and AI systems. Now, the Upwind Agentic Pack helps teams use that context faster across investigation, validation, and remediation workflows. Grounded in Upwind’s runtime-first platform, the […]
The next wave of AI is here. Upwind becomes Agentic.
One of the most fascinating technologies I’ve encountered in my personal life over the past few years is autonomous driving. It started as a curiosity, “can my car really drive itself?” Can it actually make decisions with enough necessary context, and not rely solely on static things it sees like trees and roads? Can it […]
Shai-Hulud: Here We Go Again – Dissecting a Supply Chain Worm Across the TanStack Ecosystem
Executive Summary A new wave of the Mini Shai-Hulud campaign compromised dozens of official @tanstack/* npm packages by abusing CI/CD publishing workflows and trusted npm release mechanisms. Unlike traditional dependency malware focused only on downstream execution, this operation behaves as a self-propagating supply chain worm designed to continuously spread across repositories, developer environments, and CI/CD […]
Introducing the Upwind MCP Server for Runtime Cloud Security
Security teams already have enough findings to sort through. Vulnerabilities, misconfigurations, and alerts pile up every day, but only a limited number create real risk in production. The harder problem is knowing which issues are exposed, active, and worth fixing first. The Upwind MCP Server brings that runtime context into existing tools. With MCP support, […]
Dirty Frag: A Universal Linux Local Privilege Escalation via ESP and RxRPC (CVE-2026-43284 / CVE-2026-43500)
Executive Summary Dirty Frag is a new Linux kernel local privilege escalation that combines two kernel bugs, one in the IPsec subsystem and one in RxRPC, giving any unprivileged local user a root shell on every major distribution. The exploit is reliable and lasts until a reboot or cache fault. Public PoC code has […]
Runtime Cloud Security: Focus on the Risks Attackers Can Actually Reach
Cloud security teams are under pressure to move faster, but the volume of cloud risk keeps growing. Verizon’s 2025 DBIR found that vulnerability exploitation as an initial access vector increased 34% year over year, while IBM reported the global average cost of a data breach at $4.4 million. The issue is not that teams lack […]
Improve Kubernetes Visibility Across Cloud Environments
Security teams need a reliable way to understand what exists in their cloud environment, how assets connect, and where to investigate when risk appears. That gets harder when container clusters and Kubernetes workloads show up differently across cloud providers, services, and data sources. Upwind normalizes container clusters and Kubernetes workloads in the Inventory graph, giving […]