We’re excited to introduce the new What’s New tab, an in-product experience designed to help you stay up to date with the latest Upwind releases, improvements, and innovations, right when they matter. Upwind moves fast. We continuously deliver new capabilities, logic updates, and experience improvements to help security teams stay ahead of cloud runtime risk. […]

Executive Summary CVE-2026-21877 is a critical remote code execution vulnerability in n8n that allows an authenticated user to execute arbitrary code on the underlying instance. The issue affects n8n versions >= 0.123.0 and < 1.121.3 and is fixed in 1.121.3 and later. In environments where n8n automates workflows with access to internal systems, credentials, and […]

Dark Mode is now live across the Upwind console for all users, giving security teams greater control over how they experience the platform so they can work more comfortably, stay focused longer, and adapt the interface to their environment, without changing workflows, data, or collaboration. Security work doesn’t happen in neat, predictable blocks of time. […]

Executive Summary: The Three-Headed Mystery Shai-Hulud 3.0, the sandworm, is back. But is it a new monster, or just the same old worm with a new trick? The security community is currently buzzing about rumors of “Shai-Hulud 3.0.” Reports suggest the sandworm has returned and panic levels are high. But when we look at the […]

We’re excited to announce that ISO/IEC 27001 and ISO/IEC 27002 frameworks are generally available across the Upwind platform. This release enables organizations to apply globally recognized information security standards more effectively within modern cloud environments, without sacrificing the governance rigor they are designed to provide. As cloud environments continue to grow in scale and complexity, […]

Executive Summary CVE-2025-68664 is a critical serialization injection vulnerability in LangChain that affects how data is serialized using dumps() and dumpd(), and later reconstructed using load() and loads(). The issue stems from a failure to properly escape user-controlled dictionaries that contain the reserved lc key. Because this key is used internally by LangChain to represent […]

Executive Summary A critical unauthenticated vulnerability (CVE-2025-14847) has been identified in MongoDB Server, affecting how the database processes zlib-compressed network traffic. Under specific conditions, a remote attacker can trigger MongoDB to return uninitialized heap memory as part of a server response. Because this data originates from process memory, it may contain fragments of previously handled […]

Today, we’re excited to announce expanded configuration override settings, a new set of capabilities that give teams greater control over how configuration risk is prioritized. With support for rule-level severity overrides and in-platform commenting, teams can now apply context and collaborate directly where risk decisions are made. Earlier this year, we introduced Upwind’s Open Source Security model, along […]

In the past decade, the cloud revolution evolved into a major movement – one that introduced a new and complex attack surface. Attackers are increasingly targeting public cloud environments, leveraging misconfigurations and native cloud features to gain initial access, establish persistence, and achieve their malicious objectives. In this article, we dive into attack vectors in […]

Today, we’re excited to announce the general availability of Upwind’s new End of Life (EOL)  and End of Support (EOS) Visibility, now accessible to all customers and POCs. This feature brings clarity to lifecycle risk across cloud environments and represents a meaningful advancement in strengthening operational resilience. Importantly, this capability was shaped directly by customer […]