New CVE-2024-55591 Zero-Day Exploitation of Fortinet Firewalls
On January 14, 2025, Fortinet announced a critical vulnerability impacting its FortiOS and FortiProxy systems. CVE-2024-55591 is an authentication bypass zero-day vulnerability that has been actively exploited since mid-November 2024, enabling attackers to hijack Fortinet firewalls and compromise enterprise networks. Successful exploitation grants remote attackers super-admin privileges via malicious requests to the Node.js websocket module. Discovery […]
Introducing New Runtime Security Features for Modern Containerized Environments
At Upwind Security, we continuously enhance our security capabilities to address emerging threats and provide unparalleled runtime protection for containerized environments. In this update, we are excited to introduce new detection and prevention policies designed to secure workloads against sophisticated attacks. Next-Generation Threat Detections Over the past several weeks we have added additional detection policies […]
New Zero-Day Exploitation of Ivanti Connect Secure VPN Devices with CVE-2025-0282 and CVE-2025-0283
On January 8, 2025, Ivanti announced two critical vulnerabilities impacting its Connect Secure (ICS) VPN appliances: CVE-2025-0282 and CVE-2025-0283. Notably, CVE-2025-0282 has been actively exploited in the wild since mid-December 2024. This vulnerability, an unauthenticated stack-based buffer overflow, allows remote code execution without authentication, posing a serious risk of further network compromise. Discovery and Response […]
Introducing Upwind Dashboards: Simplify Security Monitoring & Reporting
We are introducing four powerful new dashboards in the Upwind platform to simplify monitoring and reporting for security executives. These four new dashboards each offer a high-level overview of security risk, performance over time, and prioritized risk analysis to focus you on what matters most. Home Dashboard This dashboard is Upwind’s new home page, providing executives with […]
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE
Overview Apache has released a security update to address an important Apache Tomcat vulnerability (CVE-2024-56337) that could result in remote code execution (RCE) under certain conditions. This new CVE is closely tied to the earlier Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation (CVE-2024-50379), for which an incomplete mitigation was issued on December 17, […]
A Year in Review: Looking Back at Upwind in 2024
This year has been one of market penetration, expansion and innovation for Upwind. From exiting stealth in September 2023 to a little more than a year later, we expanded our global presence with offices in the UK, Iceland, Israel and the US, held a Series A, maintained a robust schedule of product innovation, and had […]
Kubernetes Dashboard: Features, Security Concerns, and Best Practices
The Kubernetes Dashboard is a popular web-based interface designed to simplify the management of Kubernetes clusters. It provides an intuitive UI that allows users to view and manage cluster resources without needing to work directly with command-line tools. However, while convenient, the Kubernetes Dashboard also presents specific security risks that should be carefully managed, especially […]
How Upwind Leverages AWS CloudTrail for Enhanced Threat Detection Capabilities
As a part of Upwind’s runtime-powered threat detection capabilities, the Upwind Platform integrates seamlessly with AWS CloudTrail to provide real-time monitoring and detection of cloud logs. By leveraging AWS CloudTrail Logs generated at runtime, Upwind is able to provide deep runtime context and automatically alert you to suspicious or malicious log events. What is CloudTrail? […]
Upwind Makes Waves at AWS re:Invent 2024
It has been a big week for Upwind here at AWS re:Invent 2024! Our team has been on the ground in Las Vegas, Nevada this week for AWS’s largest annual conference. Here’s a quick look at what we’ve been up to. Monday, December 2. We announced our $100 million Series A, which was featured in […]
Introducing The Next Generation of Shift Left Security, Powered by Runtime
Today, we’re thrilled to introduce Upwind Shift Left – a major new capability in the Upwind platform that brings the power of runtime intelligence to CI/CD pipelines, transforming how teams secure their software at every step. By marrying real-world runtime context with build-time best practices, this next-generation solution redefines shift left for modern cloud security. […]