Unlock Runtime Visibility for gVisor Sandboxed Containers

A blue and orange graphic with the Upwind logo in the top left. In the center, an astronaut helmet with a small star is next to the text “gVisor” on a dark blue background with a large orange semi-circle on the left.

Upwind Sensor now brings runtime visibility to gVisor sandboxed containers, proactively identifying threats in environments built for maximum isolation. gVisor acts as a security layer between containerized apps and the host OS, improving security and isolation, which is especially important for containers running sensitive workloads. With our new support for gVisor, strong isolation no longer comes […]

Road to Gold – with Champion Windsurfer Tom Reuveny

Olympic Gold medalist Tom Reuveny was joined by our CEO Amiram Shachar at the beach for an inspiring conversation just before they headed out to surf – or as we like to say, go Upwind. Tom shared the story behind his journey to gold: the discipline, resilience, and relentless drive it took to reach the […]

A New Era of Cloud Risk Detection: Custom Posture Rules & Frameworks in Upwind

A user interface for creating a rule in Upwind, showing options to select a framework, rule category, rule name, and override severity level. Buttons for Cancel and Save appear at the bottom.

Cloud environments continue to grow in complexity—and with them, the risk surface expands. CISOs and security leaders are now contending with an increasing volume of posture alerts, many of which fail to account for real-world exploitability. Traditional posture frameworks, while rooted in best practices, often fail to prioritize real risks. They evaluate risk by individual […]

Upwind Inventory 2.0: Discover, Query, and Enforce with Runtime Context

Inventory 2-0-c

Today, we’re introducing one of the most important upgrades we’ve ever made to the Upwind platform – designed to solve a persistent problem for security teams: connecting inventory data with real-time enforcement and meaningful policy impact. This release brings a new level of enhanced inventory management that redefines how security teams discover, query, and enforce […]

io_uring: Linux Performance Boost or Security Headache?

Two circular segmented charts with red and blue segments, each showing a partial ring. The left circle has blue segments at the top and red at the bottom; the right circle has a mixed color pattern. upwind logo is in the top left corner.

The Linux kernel is constantly evolving, and one of the significant additions in recent years is io_uring. Introduced in kernel 5.1 (2019), it’s designed to dramatically speed up input/output (I/O) operations. But as with many powerful tools, it brings new security considerations. Let’s break down what io_uring is, the risks it presents, and how to […]

Upwind Acquires Nyx to Redefine Application Runtime Security

The image features the upwind logo with a colored bar above the u and the nyx logo in a blue box, separated by a vertical line, on a pastel gradient background with diagonal streaks.

Today, I’m excited to announce that Upwind has acquired Nyx Security, a breakthrough startup specializing in real-time application-layer threat detection. This marks Upwind’s first acquisition – and a major leap forward in delivering end-to-end cloud security across both the infrastructure and the applications running on top of it. Application-Layer Runtime Changes Everything Runtime threats are […]

Upwind Integrates with your Existing DevSecOps Workflow – Here’s How

A curved row of popular software logos, including Steam, GitHub, Octopus Deploy, Jenkins, Jira, Slack, PagerDuty, Microsoft Teams, and Splunk, with the Upwind logo in the top left corner.

Too many security tools create friction – forcing you to choose between speed and safety, or bolting on yet another dashboard. Integrating security tools shouldn’t slow you down;  it should make your pipeline smarter, faster, and safer. Upwind is designed to seamlessly integrate into your existing DevSecOps workflow, enhancing visibility and control without disrupting your […]

Upwind Delivers Faster Time-To-Value for CIS GKE

A blue circle with a white abstract cube logo in the center, radiating thin blue lines outward. The word upwind is in the top left corner on a white background.

Upwind helps you achieve faster time-to-value on Google Kubernetes Engine (GKE) by continuously monitoring workloads, detecting threats in real time, and enforcing  posture and compliance through frameworks such as Center for Internet Security Google Kubernetes Engine benchmarks (CIS GKE). Our support enables you to achieve faster time-to-value with the CIS GKE benchmark by utilizing the […]

Unpacking the Security Risks of Model Context Protocol (MCP) Servers

Blue and red gradient lines curve upward against a light blue background, intersected by orange circles. The word upwind with an underlined u appears in the upper left corner.

Modern AI systems, especially large language models (LLMs), are no longer isolated engines responding to static inputs. They’re evolving into intelligent agents, copilots, and autonomous systems that interact with their environment, reason over external data, and adapt in real time. But there’s a fundamental problem: LLMs are powerful, but they don’t know anything outside of […]

CVE-2025-32433: Critical Erlang/OTP SSH Vulnerability (CVSS 10)

A white warning icon with an exclamation mark is centered on a bright pink, patterned background. Below it, text reads: CVE-2025-32433: Critical Erlang/OTP SSH Vulnerability (CVSS 10).

On April 16, 2025, a critical remote code execution (RCE) vulnerability in Erlang’s SSH library was publicly disclosed. Tracked as CVE-2025-32433, this vulnerability received the maximum possible CVSS score of 10.0, signaling how severe and exploitable it is, especially in environments relying on Erlang/OTP for SSH access. Overview What is CVE-2025-32433? Discovered by researchers at […]