The Problem Nobody Wants to Admit  More data doesn’t automatically mean better security. It often means more homework. Anyone who has sat in a security engineering seat knows the drill: map private to public IPs, line up container IDs with hosts, connect GUIDs to service accounts, and reconcile correlation IDs across distributed apps. Each source […]

Upwind is now live inside AWS Security Hub Console. I’m incredibly excited to announce one of the biggest milestones in our company’s journey.  This tells us we’re on the right path to being the best cloud security company in the world. There isn’t any better validation.  Starting today, Upwind is one of roughly ten companies […]

Upwind’s Image Layers capability gives you deep visibility into how container images are built—so you can assign vulnerability ownership correctly, find root cause faster, and remediate issues more effectively across teams. Most tools only show the final image state. Upwind breaks images down layer by layer, so you can see exactly where a vulnerability was […]

Kubernetes environments move fast. Deployments happen constantly—through CI/CD pipelines, GitOps workflows, and direct kubectl commands. And when a misconfiguration slips in (a privileged pod, a missing required label, a deprecated API version), it can become a security incident in minutes. Until now, most teams have relied on post-deployment scanning to catch these issues. The problem: […]

Executive Summary In a single day, six vulnerabilities were disclosed in n8n, spanning remote code execution, command injection, arbitrary file access, and cross-site scripting. All six issues affect authenticated functionality and repeatedly break isolation between workflows, configuration, and the underlying host. This is not random disclosure noise, it’s a clear signal of systemic security weaknesses […]

We’re excited to announce that the new “By Finding” view is now live in the Upwind Vulnerability Management module, enabling security teams to triage vulnerabilities faster and more flexibly across their entire cloud environment. As cloud-native infrastructure continues to scale across clusters, container images, packages, and services, security teams need vulnerability management workflows that are […]

Executive Summary CVE-2026-1470 is a critical remote code execution (RCE) vulnerability in the n8n workflow automation platform. The flaw stems from unsafe evaluation of user-supplied workflow expressions, allowing authenticated users to execute arbitrary JavaScript code within the n8n runtime and fully compromise the instance. Exploitation requires low privileges, no user interaction, and impacts all unpatched […]

Two years after coming out of stealth, Upwind has become the unicorn that solves cloud security better than anyone else. Today, we are raising $250M in our Series B funding round, bringing total investment in Upwind to over $430M. This makes Upwind one of the most capitalized companies in the world focused on solving the […]

Cloud infrastructure has become more complex than ever. Environments are bigger, faster, and more interconnected. The explosion of data and the rapid adoption of AI have accelerated that complexity. Security teams are now managing risk in systems that change constantly and operate at unprecedented scale. The tools that got us here cannot take us where […]

I’m proud to share that Upwind has raised $250 million – a strong endorsement of our mission and direction. But this milestone is more than a number. It reflects strong customer confidence in our ability to address evolving AI and cloud security challenges. Today’s attackers leverage AI and autonomous agents to scan, exploit, and evade […]