Back to all posts
Warning icon with an exclamation mark on a pink background with concentric circles. Text below reads: GitHub Actions Supply Chain Compromise: tj-actions/changed-files Action.
Research

GitHub Actions Supply Chain Compromise: tj-actions/changed-files Action

We are actively responding to a significant security breach involving the widely used GitHub Action, tj-actions/changed-files. Current findings indicate that nearly all tagged versions of tj-actions/changed-files have been compromised, resulting in direct access to running containers and virtual machines’ memory, allowing the extraction of sensitive secrets, information, and code. This is happening through the following command […]

A red and pink background with concentric circles features a white bug icon in the center. Text below reads: python-json-logger Supply Chain Remote Code Execution Vulnerability (CVE-2025-27607). Upwind logo is at the top right.
Research

Supply Chain Remote Code Execution in python-json-logger CVE-2025-27607

A critical Remote Code Execution (RCE) vulnerability was recently discovered in python-json-logger, a widely used Python package for structured logging. This flaw, affecting versions 3.2.0 and 3.2.1, arises due to a missing dependency: msgspec-python313-pre. The package was deleted from PyPI, leaving its name unclaimed. This vulnerability highlights a recurring yet dangerous issue in software supply […]

An illustration with a pink background featuring a white bug icon. Text reads: Apache Tomcat Vulnerability (CVE-2024-56337) Exposes Servers to RCE. The Upwind logo is in the top right corner.
Research

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE

Overview Apache has released a security update to address an important Apache Tomcat vulnerability (CVE-2024-56337) that could result in remote code execution (RCE) under certain conditions. This new CVE is closely tied to the earlier Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation (CVE-2024-50379), for which an incomplete mitigation was issued on December 17, […]

White Kubernetes logo on a pink background with circular patterns. Text below reads, Arbitrary command execution through gitRepo volume (CVE-2024-10220).
Research

Critical Kubernetes gitRepo Volume Vulnerability: CVE-2024-10220

A critical security vulnerability identified as CVE-2024-10220 has been discovered in Kubernetes’ deprecated gitRepo volume type. This vulnerability allows attackers with permissions to create pods using gitRepo volumes to execute arbitrary commands on the host node with root privileges, potentially leading to full system compromise. The gitRepo volume type was designed to clone Git repositories […]

A pink background with concentric circles features a white bug icon in a circle and text below reading Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534). The word upwind appears in the top right corner.
Research

Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534)

A critical Remote Code Execution (RCE) vulnerability identified as CVE-2024-21534 has been discovered in versions of the jsonpath-plus package before 10.0.0. This vulnerability allows attackers to execute arbitrary code on affected systems by exploiting improper input sanitization and the unsafe default usage of the vm module in Node.js. jsonpath-plus is a JavaScript implementation of JSONPath […]

A stylized image with a pink background features a penguin inside a circle, symbolizing Linux. Next to it is a printer icon. Text reads Critical 9.9 Linux (CUPS) Vulnerability followed by CVE identifiers. The top right corner has the Upwind logo.
Research

Critical 9.9 Linux Bug Exposes Containers, Hosts and Endpoints to Remote Code Execution (RCE) Exploits

Several critical Linux vulnerabilities have been declared, involving a bug in CUPS, the Common UNIX Printing System. All versions of Red Hat Enterprise Linux (RHEL) are among the Linux distributions affected, but not in default configuration.  There are four vulnerabilities that have been identified and allocated the following CVEs – CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177. […]

Futuristic graphic featuring a glowing cloud icon at the center of a circular dial with measurement markings. The background has a gradient of blue and gray tones, with the word Upwind in the top right corner.
Research

Cloud Heist: How Hackers Lock Accounts and Drain Wallets

Cloud environments have changed how organizations manage their infrastructure, offering flexibility and scalability. But these benefits also bring new risks, and even small mistakes in cloud security can have serious consequences. For example, Google Cloud once accidentally deleted data from a $125 billion Australian pension fund due to a simple configuration error. Although this wasn’t […]

Illustration depicting a Docker security advisory marked as CVE-2024-41110. Several buoy-like structures with the Docker logo float on a blue ocean. There are waves and a warning sign above the text.
Research

CVE-2024-41110: Docker Security Advisory on Critical Update for Docker Engine – AuthZ Plugin Bypass

Docker has released crucial updates addressing a critical vulnerability in Docker Engine that could allow attackers to bypass authorization plugins (AuthZ). This issue has a low likelihood of being exploited, but all Docker installations need to upgrade to the latest versions immediately. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not affected. […]

A cartoon monkey wearing headphones peeks out from a large blue box with the Kubernetes logo. The box is moving through a cloudy sky, while the word Upwind appears in the top right corner.
Research

Upwind Discovers New ArgoCD CVE-2024-37152 & Takes Over a Kubernetes Cluster

The Upwind research team is constantly monitoring the evolving threat landscape for emerging threats and vulnerabilities, and we recently discovered a new Unauthenticated Access vulnerability in ArgoCD – CVE-2024-37152. While this is only a moderate CVE, our research team found it as part of a toxic combination that included internet exposure. This combination permitted unauthorized […]

Add the Upwind RSS Feed to Slack

Connect the Upwind RSS Feed to your Slack.
Follow the how-to here.