RSS for Slack
Warning icon with an exclamation mark on a pink background with concentric circles. Text below reads: GitHub Actions Supply Chain Compromise: tj-actions/changed-files Action.
Research

GitHub Actions Supply Chain Compromise: tj-actions/changed-files Action

We are actively responding to a significant security breach involving the widely used GitHub Action, tj-actions/changed-files. Current findings indicate that nearly all tagged versions of tj-actions/changed-files have been compromised, resulting in direct access to running containers and virtual machines’ memory, allowing the extraction of sensitive secrets, information, and code. This is happening through the following command […]

A flowchart with interconnected blue circles containing icons. Arrows in green, yellow, and blue link the circles. A small blue circle with a power icon is at the top left. The upwind logo is in the top left corner.
Product

Automatically View High-Privilege Identity Insights in the Upwind Topology Map

We’re excited to introduce a powerful new capability in the Upwind Cloud Security Platform –  enhancing security by providing seamless visibility into highly privileged identities for every containerized resource in your cloud environment. Now available directly in the Upwind Topology Map, this feature helps detect and mitigate excessive permissions, reducing the risk of privilege escalation […]

A red and pink background with concentric circles features a white bug icon in the center. Text below reads: python-json-logger Supply Chain Remote Code Execution Vulnerability (CVE-2025-27607). Upwind logo is at the top right.
Research

Supply Chain Remote Code Execution in python-json-logger CVE-2025-27607

A critical Remote Code Execution (RCE) vulnerability was recently discovered in python-json-logger, a widely used Python package for structured logging. This flaw, affecting versions 3.2.0 and 3.2.1, arises due to a missing dependency: msgspec-python313-pre. The package was deleted from PyPI, leaving its name unclaimed. This vulnerability highlights a recurring yet dangerous issue in software supply […]

A central Google Cloud icon is connected to eight blue icons, each representing different categories, with the Upwind logo in the top-left corner. The icons are linked by lines radiating from the center.
Product

Gain Full Visibility into Google Cloud Traffic with Upwind’s Destination Domain Awareness

Upwind provides deep runtime visibility into resource communication and behavior, including destination domain awareness. This is crucial for identifying potential threats, preventing data exfiltration, and ensuring compliance with security policies. The Upwind platform allows you to easily view the specific destination domains that Google Cloud resources communicate with, providing even deeper context for risk assessments […]

Blue and white digital graphic with a central circle featuring a whale icon. Multiple white arrows point toward the circle from all directions. The word Upwind is in the top-left corner. Background features concentric circles.
Product

Proactively Protect Against DeepSeek and OpenAI Security Concerns with Upwind

We are excited to announce a new advance in our AI security capabilities, which empowers organizations to detect and mitigate risks associated with AI platforms like DeepSeek and OpenAI. This new functionality continuously monitors traffic to these AI platforms, identifying potential data exposure and alerting you to unexpected AI-related activity. This ensures that your sensitive […]

Flowchart with a central icon and surrounding elements: trophy, bug, database, microchip, brackets, fingerprint, lock, and star. Lines connect each icon to the center, illustrating interconnectedness. Upwind logo in the top left corner.
Product

Easily Prioritize Vulnerabilities Based on Real Environmental Risks with Upwind

We are excited to announce a significant enhancement to Upwind’s vulnerability management capabilities – prioritization of vulnerabilities based on highly privileged identities and sensitive data context. Upwind has always deeply prioritized vulnerabilities based on real-world context, correlating them with CI/CD and DevOps context to provide end-to-end visibility and protection.  With this latest enhancement, Upwind now also […]

Flowchart showing interconnected blue nodes with document icons linked by colored lines. Central node connected to a white rectangle with the text upwind + followed by a blue cube logo. Lines are colored blue, green, and orange.
Product

Proactively Secure Google Cloud Workloads with Upwind’s GKE Autopilot Integration

We are excited to announce that Upwind is now an official Google Kubernetes Engine (GKE) Autopilot partner, enabling users to seamlessly deploy Upwind and proactively secure Google Cloud workloads. Many GKE Autopilot users struggle with securing their workloads due to limited control over infrastructure and security configurations. Upwind’s integration ensures a seamless, built-in security solution […]

Diagram showing data flow between components labeled onlineboutique, cert-manager, and monitoring with arrows. Icons represent sensitive data, critical vulnerabilities, and detections. A legend on the left categorizes these elements. Logo: upwind.
Product

Automatically Visualize Sensitive Data Flows in Upwind’s Topology Map

We are excited to announce a powerful new functionality in the Upwind platform that enhances security and compliance by automatically visualizing sensitive data flow data in the Upwind Topology Map. This feature helps organizations quickly identify and mitigate risks by providing clear insights into how sensitive data moves across their cloud environment. How Upwind Classifies […]

Add the Upwind RSS Feed to Slack

Connect the Upwind RSS Feed to your Slack.
Follow the how-to here.