CVE-2025-68664: LangChain Serialization Injection in dumps() and load()
Executive Summary CVE-2025-68664 is a critical serialization injection vulnerability in LangChain that affects how data is serialized using dumps() and dumpd(), and later reconstructed using load() and loads(). The issue stems from a failure to properly escape user-controlled dictionaries that contain the reserved lc key. Because this key is used internally by LangChain to represent […]
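The mechanism the summary describes is easy to see in a cut-down model of a tagged-dict serializer. The block below is an added example, not LangChain's code: the wire format, the "escaped" wrapper, the Greeter class and the REGISTRY allow-list are assumptions for the demo, and only the idea that a reserved lc key marks a record the loader must reconstruct comes from the advisory text. The vulnerable dumper emits a user dict that already carries lc verbatim, so the loader instantiates a class of the attacker's choosing with attacker-chosen arguments; the fixed dumper wraps such dicts so they come back as data.

```python
"""Simplified model of a tagged-dict serializer, added to illustrate the bug
class behind CVE-2025-68664.  This is NOT LangChain's code: the wire format,
the "escaped" wrapper, the Greeter class and the REGISTRY are assumptions made
for the demo.  Only the reserved-key idea ("lc" marks a record the loader
must reconstruct) comes from the advisory text."""
import json

RESERVED = "lc"


class Greeter:
    """Stand-in for any class the loader is allowed to instantiate."""

    def __init__(self, name):
        self.name = name

    def greet(self):
        return f"hello {self.name}"


REGISTRY = {"Greeter": Greeter}  # assumed allow-list of reconstructable classes


def _to_tagged(obj, escape):
    """Convert objects to JSON-able tagged dicts.  With escape=False, a plain
    dict that already contains the reserved key is emitted verbatim, so the
    loader cannot tell it apart from a genuine constructor record."""
    if isinstance(obj, Greeter):
        return {RESERVED: 1, "type": "constructor", "id": "Greeter",
                "kwargs": {"name": obj.name}}
    if isinstance(obj, dict):
        out = {k: _to_tagged(v, escape) for k, v in obj.items()}
        if escape and RESERVED in out:
            # Wrap user data so the loader restores it as data, never as a record.
            return {RESERVED: 1, "type": "escaped", "value": out}
        return out
    if isinstance(obj, list):
        return [_to_tagged(v, escape) for v in obj]
    return obj


def dumps_vulnerable(obj):
    return json.dumps(_to_tagged(obj, escape=False))


def dumps_fixed(obj):
    return json.dumps(_to_tagged(obj, escape=True))


def _from_tagged(node):
    if isinstance(node, dict):
        if node.get(RESERVED) == 1 and node.get("type") == "constructor":
            cls = REGISTRY[node["id"]]          # attacker picks the class...
            kwargs = {k: _from_tagged(v) for k, v in node["kwargs"].items()}
            return cls(**kwargs)                # ...and the constructor arguments
        if node.get(RESERVED) == 1 and node.get("type") == "escaped":
            return {k: _from_tagged(v) for k, v in node["value"].items()}
        return {k: _from_tagged(v) for k, v in node.items()}
    if isinstance(node, list):
        return [_from_tagged(v) for v in node]
    return node


def loads(s):
    """Shared loader: the fix lives entirely on the dump side."""
    return _from_tagged(json.loads(s))


# Constructed attacker input: a plain dict shaped like a constructor record.
USER_INPUT = {RESERVED: 1, "type": "constructor", "id": "Greeter",
              "kwargs": {"name": "attacker"}}


def roundtrip_vulnerable(data):
    return loads(dumps_vulnerable(data))


def roundtrip_fixed(data):
    return loads(dumps_fixed(data))


if __name__ == "__main__":
    doc = {"user_note": USER_INPUT, "tool": Greeter("bob")}
    print(type(roundtrip_vulnerable(doc)["user_note"]).__name__)  # Greeter
    print(type(roundtrip_fixed(doc)["user_note"]).__name__)       # dict
```

The toy loader only instantiates classes from a small allow-list; a loader that resolves the id to any importable class turns the same confusion into arbitrary constructor execution, which is why the summary calls it injection rather than a data-integrity bug. Note that the escape wrapper is applied recursively and also re-wraps a user dict that already looks like an escape record, so the loader unwraps exactly one layer and hands the original dict back unchanged.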
CVE-2025-14847: MongoDB zlib Compression Memory Disclosure
Executive Summary A critical unauthenticated vulnerability (CVE-2025-14847) has been identified in MongoDB Server, affecting how the database processes zlib-compressed network traffic. Under specific conditions, a remote attacker can trigger MongoDB to return uninitialized heap memory as part of a server response. Because this data originates from process memory, it may contain fragments of previously handled […]
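One common way a decompression path ends up handing back uninitialized heap memory is trusting the uncompressed size a client declares in the message header instead of the byte count the decompressor actually produced: the handler allocates (or reuses) a buffer of the declared size, inflates fewer bytes into it, and then forwards the whole buffer. The block below is an added example, not MongoDB's code, that models that pattern and the check which closes it. The 9-byte header layout (originalOpcode, uncompressedSize, compressorId) follows MongoDB's OP_COMPRESSED format; the Pool allocator, the handler functions and the "previous request" residue are constructed for the demo, and the summary above does not state that this is the exact root cause of CVE-2025-14847.

```python
"""Added illustration, not MongoDB's code, of a compressed-message handler that
leaks stale buffer contents when it trusts the declared uncompressed size
instead of the byte count the decompressor actually produced.  The 9-byte
header layout (originalOpcode, uncompressedSize, compressorId) matches
MongoDB's OP_COMPRESSED; the Pool allocator, the handler functions and the
"previous request" residue are constructed for the demo, and the excerpt does
not say that this is the exact root cause of CVE-2025-14847."""
import struct
import zlib

ZLIB_ID = 2                   # compressorId value for zlib in OP_COMPRESSED
OP_MSG = 2013                 # originalOpcode used in the sample messages
MAX_MSG = 48 * 1024 * 1024    # assumed upper bound for a decompressed message
HDR = struct.Struct("<iiB")   # originalOpcode, uncompressedSize, compressorId


class Pool:
    """Stand-in for a heap that hands back memory without zeroing it."""

    def __init__(self, size):
        self.mem = bytearray(size)

    def alloc(self, n):
        return memoryview(self.mem)[:n]   # same bytes every time: no zeroing


def serve_previous_request(pool, plaintext):
    """Simulate an earlier request whose decoded bytes remain in the pool."""
    buf = pool.alloc(len(plaintext))
    buf[:] = plaintext


def build_compressed(payload, claimed_size=None):
    """Constructed OP_COMPRESSED body; the sender controls uncompressedSize."""
    size = len(payload) if claimed_size is None else claimed_size
    return HDR.pack(OP_MSG, size, ZLIB_ID) + zlib.compress(payload)


def decompress_vulnerable(msg, pool):
    _opcode, size, _comp = HDR.unpack_from(msg)
    buf = pool.alloc(size)
    out = zlib.decompress(msg[HDR.size:])
    buf[:len(out)] = out          # only len(out) bytes are written...
    return bytes(buf[:size])      # ...but `size` bytes are passed on to the caller


def decompress_fixed(msg, pool):
    _opcode, size, comp = HDR.unpack_from(msg)
    if comp != ZLIB_ID or not 0 <= size <= MAX_MSG:
        raise ValueError("bad compression header")
    d = zlib.decompressobj()
    out = d.decompress(msg[HDR.size:], max_length=size)  # never inflate past the claim
    if not d.eof or d.unconsumed_tail or len(out) != size:
        # Stream shorter or longer than declared: reject, never use the buffer.
        raise ValueError("uncompressedSize does not match inflated length")
    buf = pool.alloc(size)
    buf[:] = out
    return bytes(buf)


if __name__ == "__main__":
    pool = Pool(256)
    serve_previous_request(pool, b"password=hunter2;")      # constructed residue
    probe = build_compressed(b"ping", claimed_size=64)      # 4 real bytes, claims 64
    print(decompress_vulnerable(probe, pool))               # b'pingword=hunter2;\x00...'
    try:
        decompress_fixed(probe, pool)
    except ValueError as e:
        print("rejected:", e)
```

The fixed handler bounds the inflate at the declared size, then requires the stream to have ended exactly there (d.eof set, nothing left in unconsumed_tail, produced length equal to the claim); an undersized or oversized claim is rejected before any buffer is forwarded. In a real server the residue would be whatever the allocator last held, which is why the summary warns that leaked bytes may carry fragments of earlier requests.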
Upwind Puts Cloud Risk Prioritization Back in Your Hands with Expanded Configuration Severity Override Settings
Today, we’re excited to announce expanded configuration override settings, a new set of capabilities that give teams greater control over how configuration risk is prioritized. With support for rule-level severity overrides and in-platform commenting, teams can now apply context and collaborate directly where risk decisions are made. Earlier this year, we introduced Upwind’s Open Source Security model, along […]
From Compromise to Detection: Uncovering Azure Attacks with Upwind
In the past decade, the cloud revolution evolved into a major movement – one that introduced a new and complex attack surface. Attackers are increasingly targeting public cloud environments, leveraging misconfigurations and native cloud features to gain initial access, establish persistence, and achieve their malicious objectives. In this article, we dive into attack vectors in […]
Upwind Enables More Secure, Resilient Cloud Environments with New End of Life and End of Support Visibility
Today, we’re excited to announce the general availability of Upwind’s new End of Life (EOL) and End of Support (EOS) Visibility, now accessible to all customers and POCs. This feature brings clarity to lifecycle risk across cloud environments and represents a meaningful advancement in strengthening operational resilience. Importantly, this capability was shaped directly by customer […]
Upwind Enables Effortless Shift-Left Security for Every Merge Request
Today, we’re excited to introduce GitLab Automated Repository Scanning, a major upgrade to Upwind’s Shift-Left security capabilities that brings automatic, real-time scanning directly into the GitLab merge request workflows. With this new capability, every merge request across all your GitLab repositories is scanned the moment it’s opened, without requiring developers to modify CI/CD pipelines or […]
AI Vulnerabilities vs. Traditional Vulnerabilities: How the AI Attack Surface Changes Security
Artificial intelligence is rapidly becoming embedded in core engineering workflows. Organizations are integrating LLMs into customer-facing applications, code generation pipelines, triage automation, and even parts of their CI/CD and cloud-management ecosystems. But the moment AI crossed into production, a new reality emerged: AI vulnerabilities behave fundamentally differently from traditional software vulnerabilities. They don’t follow the […]
CVE-2025-8110: Unpatched Gogs RCE Vulnerability Actively Exploited in the Wild
Executive Summary CVE-2025-8110 is an actively exploited, unpatched Remote Code Execution (RCE) vulnerability affecting all Gogs versions ≤ 0.13.3. The flaw allows authenticated users to bypass path-traversal protections through a symlink-based file-write bypass, enabling arbitrary file overwrite on the host server and ultimately full system compromise. With no official patch available and exploitation occurring in […]
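A symlink-based bypass of path-traversal protection works because a lexical check only collapses ".." segments and never consults the filesystem: a symlink committed inside the repository still redirects a write that looks in-repo to wherever the link points. The block below is an added example, not Gogs code, that contrasts that lexical check with a containment check on the resolved path; the helper names, the temporary repository layout and the target file name are assumptions for the demo.

```python
"""Added illustration (not Gogs code) of why a lexical path-traversal check is
not enough when the repository may contain symlinks, and of the realpath-based
containment check that closes the gap.  The helper names, the temporary
repository layout and the target file name are assumptions for the demo."""
import os
import shutil
import tempfile


def safe_join_lexical(root, rel):
    """Naive check: collapses '..' but never looks at the filesystem, so a
    symlink committed inside `root` still redirects the write elsewhere."""
    root = os.path.normpath(root)
    p = os.path.normpath(os.path.join(root, rel))
    if p != root and not p.startswith(root + os.sep):
        raise ValueError(f"traversal rejected: {rel!r}")
    return p


def safe_join_resolved(root, rel):
    """Hardened check: resolve every symlink in root and the target path first,
    then require the resolved target to live under the resolved root."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, rel))
    if os.path.commonpath([root_real, target]) != root_real:
        raise ValueError(f"symlink or traversal escapes repository: {rel!r}")
    return target


def write_repo_file(root, rel, data, joiner):
    """Write `data` at `rel` inside `root`, using `joiner` to validate the path."""
    path = joiner(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)
    return path


def demo():
    """Build a throwaway repo containing a symlink that points outside it and
    attempt the same write through both checks.  Returns (escaped, blocked)."""
    base = tempfile.mkdtemp()
    try:
        repo = os.path.join(base, "repo")
        outside = os.path.join(base, "outside")            # stands in for the host FS
        os.makedirs(repo)
        os.makedirs(outside)
        os.symlink(outside, os.path.join(repo, "link"))    # attacker-committed symlink
        rel = "link/target.txt"                            # looks like an in-repo path

        write_repo_file(repo, rel, b"owned", safe_join_lexical)
        escaped = os.path.isfile(os.path.join(outside, "target.txt"))

        try:
            write_repo_file(repo, rel, b"owned", safe_join_resolved)
            blocked = False
        except ValueError:
            blocked = True
        return escaped, blocked
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())   # (True, True)
```

The resolved check is the minimum, not the whole fix: a check-then-open sequence can still race against a symlink created between the realpath call and the write, so a hardened server should also open the final component with O_NOFOLLOW or walk the path with directory file descriptors, and should treat any symlink in user-controlled repository content as untrusted when it decides where a write lands.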
Upwind Prioritizes Vulnerabilities Based on Real-World Exploit Likelihood with EPSS Scoring
We’re excited to share that EPSS (Exploit Prediction Scoring System) scoring is now available in Upwind’s Vulnerability Management module. This brings data-driven exploit likelihood insights directly into your vulnerability workflows, helping teams prioritize remediation based on real-world risk rather than theoretical severity alone. What Is EPSS? Security teams face thousands of vulnerabilities each week. The […]
Upwind Makes Waves at AWS re:Invent 2025
AWS re:Invent 2025 marked a major milestone for Upwind. Throughout the week, we introduced significant platform innovations, expanded our leadership in runtime-first cloud security, and met thousands of builders, security engineers, and executives invested in securing the future of cloud and AI infrastructure. Below is a full recap of every announcement, event, and moment from […]