Back to all posts
RSS for Slack
GHSA-cxm3-wv7p-598c_ Nx Build System Supply-Chain Compromise
Research

GHSA-cxm3-wv7p-598c: Nx Build System Supply-Chain Compromise

On August 26, 2025, the popular Nx build system package was compromised in a sophisticated supply-chain attack. Malicious versions of Nx and related packages were published to npm, embedding malware that scanned developer environments for sensitive credentials and exfiltrated them. This attack stands out not only because of its impact with thousands of developers who […]

Gartner CNAPP-d
Research

2025 Gartner® Market Guide for Cloud-Native Application Protection Platforms: 5 Takeaways That We Believe Matter

Gartner has released the 2025 CNAPP Market Guide. According to Gartner: “​​while numerous providers exist, only a handful offer a comprehensive platform with the required breadth and depth of functionality, particularly emphasizing seamless integration through the development and operations processes.” We believe that Upwind’s inclusion in this group of vendors is a significant milestone. To […]

B-2
Research

Understanding the NVIDIAScape (CVE‑2025‑23266) Container Toolkit Vulnerability – and Why Your AI Workloads Are Most Likely Safe

Overview: CVE-2025-23266 is a container‑escape vulnerability (CVSS 9.0) affecting the NVIDIA Container Toolkit and GPU Operator. While this vulnerability requires multiple specific conditions, it has the potential to allow a malicious container image to escape its sandbox and execute code as root on the host. NVIDIA has released patched versions of both components. Upgrading to Toolkit v1.17.8  and  GPU Operator 25.3.1 […]

CVE_2024_12718_Path_Escape_via_Python’s_tarfile_Extraction_Filters (1)
Research

CVE‑2025‑32463: Critical Sudo “chroot” Privilege Escalation Flaw

A critical vulnerability in sudo (Changelog v1.9.14–1.9.17) allows local users to gain root access via the –chroot (-R) option. This flaw carries a CVSS 3.1 score of 9.3 (Critical). Affected Versions Platform Coverage Why This Matters This flaw originates from a change introduced in sudo 1.9.14. Path resolution began occurring within the chroot environment before the […]

CVE_2024_12718_Path_Escape_via_Python’s_tarfile_Extraction_Filters
Research

CVE-2024-12718: Path Escape via Python’s tarfile Extraction Filters

A newly disclosed vulnerability in Python’s standard library, CVE-2024-12718, allows attackers to modify file metadata or file permissions outside the intended extraction directory. This issue affects systems running Python 3.12 and above when using tarfile.extract() or tarfile.extractall() with the filter parameter set to “data” or “tar”. Though the vulnerability does not allow direct code execution, […]

Linux-Kernel-CVE-2025-37899
Research

Linux Kernel SMB 0-Day Vulnerability CVE-2025-37899 Uncovered Using ChatGPT o3

For the first time, a zero-day vulnerability in the Linux kernel has been discovered using a large language model, OpenAI’s o3. Discovered by security researcher Sean Heelan and assigned CVE-2025-37899, this vulnerability marks a milestone not just in cybersecurity but in the integration of AI into vulnerability research. It also raises serious questions about the […]

Two circular segmented charts with red and blue segments, each showing a partial ring. The left circle has blue segments at the top and red at the bottom; the right circle has a mixed color pattern. upwind logo is in the top left corner.
Research

io_uring: Linux Performance Boost or Security Headache?

The Linux kernel is constantly evolving, and one of the significant additions in recent years is io_uring. Introduced in kernel 5.1 (2019), it’s designed to dramatically speed up input/output (I/O) operations. But as with many powerful tools, it brings new security considerations. Let’s break down what io_uring is, the risks it presents, and how to […]

Blue and red gradient lines curve upward against a light blue background, intersected by orange circles. The word upwind with an underlined u appears in the upper left corner.
Research

Unpacking the Security Risks of Model Context Protocol (MCP) Servers

Modern AI systems, especially large language models (LLMs), are no longer isolated engines responding to static inputs. They’re evolving into intelligent agents, copilots, and autonomous systems that interact with their environment, reason over external data, and adapt in real time. But there’s a fundamental problem: LLMs are powerful, but they don’t know anything outside of […]

A white warning icon with an exclamation mark is centered on a bright pink, patterned background. Below it, text reads: CVE-2025-32433: Critical Erlang/OTP SSH Vulnerability (CVSS 10).
Research

CVE-2025-32433: Critical Erlang/OTP SSH Vulnerability (CVSS 10)

On April 16, 2025, a critical remote code execution (RCE) vulnerability in Erlang’s SSH library was publicly disclosed. Tracked as CVE-2025-32433, this vulnerability received the maximum possible CVSS score of 10.0, signaling how severe and exploitable it is, especially in environments relying on Erlang/OTP for SSH access. Overview What is CVE-2025-32433? Discovered by researchers at […]

Hexagonal icon with an N inside on a pink gradient background with angular lines. Text: IngressNightmare: Admission Webhook Flaw Leading to Remote Code Execution (CVE-2025-1974).
Research

IngressNightmare: How New ingress-nginx Vulnerabilities Threaten Kubernetes Clusters

Kubernetes administrators take note: a critical set of vulnerabilities in the popular ingress-nginx controller—collectively dubbed “IngressNightmare”—could put your entire cluster at risk. In particular, CVE-2025-1974, with a CVSS score of 9.8, allows attackers to take over Kubernetes clusters simply by exploiting the Validating Admission Controller feature. Because ingress-nginx runs in roughly 40% of Kubernetes deployments, […]

Add the Upwind RSS Feed to Slack

Connect the Upwind RSS Feed to your Slack.
Follow the how-to here.