Research

A Mini Shai-Hulud Has Appeared: Dissecting a Multi-Vector npm Supply Chain Worm

TL;DR: [email protected] is malicious. It uses Bun runtime smuggling for EDR evasion, scrapes GitHub Actions runner memory for secrets, harvests credentials from every major cloud provider and secrets management system, exfiltrates through RSA-4096 encrypted channels, injects a secret-dumping GitHub Actions workflow disguised as Dependabot, poisons every branch of compromised repos with files disguised as Claude […]

Shai-Hulud Strikes Again: intercom-client@7.0.4
Research

intercom-client@7.0.4 Supply Chain Attack Enables Credential Theft: Shai-Hulud Strikes Again

Executive Summary intercom-client@7.0.4 is a compromised npm package used in a supply chain attack to steal GitHub, npm, and multi-cloud credentials. The malicious version introduces a preinstall hook that executes an obfuscated payload, harvesting secrets and exfiltrating them via GitHub APIs. This activity is part of the Shai-Hulud worm campaign targeting CI/CD pipelines. Detection Summary […]

Research

Mini Shai-Hulud Targets SAP npm Packages: CI/CD Publishing Pipeline Abused in Supply Chain Attack

Executive Summary Our research team identified a sophisticated supply chain attack targeting SAP Cloud Application Programming (CAP) framework packages. The campaign demonstrates advanced techniques for compromising trusted publishing pipelines and injecting malicious code directly into enterprise CI/CD workflows. The activity has been attributed to TeamPCP, a financially motivated threat actor known for large-scale supply chain […]

Research

When a Supply Chain Compromise Happens, Defenders Deserve More Than Starting From Zero

Notes on the Vercel / Context.ai OAuth incident, and how Upwind stands with its community through moments like these. On April 19, Vercel disclosed a security incident stemming from a compromise of a third-party AI tool, Context.ai, whose Google Workspace OAuth application was abused by an attacker. A Vercel employee signed into Context.ai using their […]

Research

From Nodes to Snakes: npm Supply Chain Attack Delivers Python Payload via axios

Executive Summary Our researchers and MDR team identified an npm supply chain attack involving malicious axios packages that leads to the execution of a Python-based payload on infected machines. The malware fingerprints the host, collects basic system and user environment data, and then communicates with attacker-controlled infrastructure to receive follow-on instructions. Rather than acting noisily, […]

Research

LiteLLM Supply Chain Breakdown

Executive Summary On March 24, 2026, the popular Python LLM proxy library litellm suffered a critical software supply chain compromise when malicious versions 1.82.7 and 1.82.8 were published directly to PyPI, bypassing the project’s normal GitHub-based release process. At the same time, our security team detected malicious commands being executed on CI/CD runners across different […]

Research

Building Trusted LLM Security Operations with NVIDIA Nemotron

Executive Summary Large Language Models now sit directly on the edge of production systems. They respond to API calls, generate code, retrieve internal knowledge, and execute workflows, all while accepting free-form input from users they do not control. That input is not structured, validated, or predictable. It is language. And language can be manipulated. This […]

Research

Trivy Supply Chain Incident: GitHub Actions Compromise Breakdown

Executive Summary On March 19-20, 2026, the Trivy supply chain incident impacted the trivy project and the GitHub Actions many teams rely on to install and run Trivy in CI/CD pipelines. Late Thursday night, Upwind’s MDR team observed anomalous Trivy activity inside a customer environment that deviated from established runtime baselines. The team identified […]

Research

Amazon Bedrock Security: Everything Security Practitioners Need to Know

Amazon Bedrock is AWS’s managed platform for building generative AI applications using foundation models, agents, and Retrieval-Augmented Generation (RAG). It allows organizations to integrate powerful language models directly into their AWS environments, connecting probabilistic AI systems with deterministic cloud services such as IAM, S3, and Lambda. But for cloud security teams, this integration creates a […]

Research

CrackArmor: AppArmor Flaws Enable Local Privilege Escalation to Root

Executive Summary CrackArmor is a group of vulnerabilities affecting the Linux kernel AppArmor security module that allow local attackers to interfere with how AppArmor security profiles are managed and enforced. By abusing weaknesses in policy management and kernel profile parsing logic, an attacker with limited system access may weaken AppArmor protections or escalate privileges to […]
