Redis, Lua, and the Dangers In-Between

Redis, Lua, and the Dangers In-Between-c

On October 3rd, Redis published an advisory for a critical vulnerability in its Lua engine that could lead from a memory leak to remote code execution. It was initially, and surprisingly, assigned a CVSS 3.1 score of 10.0. While the score has since been debated and adjusted, the core issue remains: an attacker with privileges […]

The Cloud Security Maturity Journey

Cloud_Migration_Journey-PTA

Cloud adoption has redefined how organizations innovate and scale. But with agility comes complexity, and with complexity, risk. Security leaders are tasked not only with defending modern architectures but also with proving that security enables innovation rather than slowing it down. The Cloud Security Journey frames cloud security maturity as a progression through three stages: […]

Securing the Full Application Lifecycle with Upwind and OX Security

Upwind-OX

In today’s fast-paced development environments, the speed of software delivery has outpaced traditional security workflows. APIs are often published before they’re reviewed, cloud resources are deployed via automation, and new vulnerabilities emerge in runtime that never existed in dev or staging. It’s estimated that over 50% of data breaches by 2025 will originate from unprotected […]

npm Supply Chain Attack: Massive Compromise of debug, chalk, and 16 Other Packages

GHSA-cxm3-wv7p-598c Nx Build System Supply-Chain Compromise-3

On September 8, 2025, one of the largest npm supply chain incidents in recent history unfolded. Popular libraries like debug and chalk along with 16 other utilities were hijacked and pushed to npm with malicious code targeting cryptocurrency wallets and blockchain transactions. These packages collectively have billions of weekly downloads, making this compromise both widespread […]

CVE-2025-55190: Argo CD Project API Token Exposes Repository Credentials

GHSA-cxm3-wv7p-598c Nx Build System Supply-Chain Compromise-2

A critical vulnerability was disclosed in Argo CD, a popular GitOps continuous delivery tool. This flaw allows project-level API tokens to retrieve sensitive repository credentials such as usernames and passwords, even when those tokens do not have explicit permissions to access secrets. Overview Argo CD uses project-level tokens to automate deployment workflows and manage applications.Due […]

GHSA-cxm3-wv7p-598c: Nx Build System Supply-Chain Compromise

GHSA-cxm3-wv7p-598c_ Nx Build System Supply-Chain Compromise

On August 26, 2025, the popular Nx build system package was compromised in a sophisticated supply-chain attack. Malicious versions of Nx and related packages were published to npm, embedding malware that scanned developer environments for sensitive credentials and exfiltrated them. This attack stands out not only because of its impact with thousands of developers who […]

Simplify Custom Posture Rule Creation with Upwind’s LLM-based Rego Support

rego LLM-v2

Upwind now supports a significant new AI-powered capability in the Upwind platform, allowing users to create custom posture rules with LLM-based Rego, streamlining workflows and accelerating reduction of their cloud attack surface. Upwind’s runtime-backed posture engine has always surfaced high-impact misconfigurations that pose true risks to cloud environments, often missed by traditional CSPMs. With this […]

2025 Gartner® Market Guide for Cloud-Native Application Protection Platforms: 5 Takeaways That We Believe Matter

Gartner CNAPP-d

Gartner has released the 2025 CNAPP Market Guide. According to Gartner: “​​while numerous providers exist, only a handful offer a comprehensive platform with the required breadth and depth of functionality, particularly emphasizing seamless integration through the development and operations processes.” We believe that Upwind’s inclusion in this group of vendors is a significant milestone. To […]

Bringing the Right Technology to Stand on the Shoulders of Giants

Upwind acquires Nyx Security

From an idea in stealth to acquisition — the journey of NYX and the future with Upwind Fourteen months ago, my partner Gili Yankovitch and I started working on a bold idea: what if we could help security & appsec teams with better prioritization of their risks and detect not just what code should run, […]

Footer-Logo-07_03_2025

Stay In Touch

This field is for validation purposes and should be left unchanged.

Product

CNAPP
CSPM
CWPP
Container Security
Identity Security
Vulnerability Management
DSPM
CADR
API Security
GenAI Security

General

About
Contact
Careers
We are hiring!
Events
Case Studies
Get A Demo

Social

X
LinkedIn
Instagram

Resources

UpwindTV
Feed
Glossary
Integrations
Newsroom

Documentation

Privacy Policy
Terms of Use

© 2025 Upwind Security