GitHub Actions Supply Chain Compromise: tj-actions/changed-files Action


We are actively responding to a significant security breach involving the widely used GitHub Action, tj-actions/changed-files. Current findings indicate that nearly all tagged versions of tj-actions/changed-files have been compromised, resulting in direct access to running containers and virtual machines’ memory, allowing the extraction of sensitive secrets, information, and code. This is happening through the following command […]

New CVE-2024-55591 Zero-Day Exploitation of Fortinet Firewalls


On January 14, 2025, Fortinet announced a critical vulnerability impacting its FortiOS and FortiProxy systems. CVE-2024-55591 is an authentication bypass zero-day vulnerability that has been actively exploited since mid-November 2024, enabling attackers to hijack Fortinet firewalls and compromise enterprise networks. Successful exploitation grants remote attackers super-admin privileges via malicious requests to the Node.js websocket module. Discovery […]

Introducing New Runtime Security Features for Modern Containerized Environments


At Upwind Security, we continuously enhance our security capabilities to address emerging threats and provide unparalleled runtime protection for containerized environments. In this update, we are excited to introduce new detection and prevention policies designed to secure workloads against sophisticated attacks.

Next-Generation Threat Detections

Over the past several weeks we have added additional detection policies […]

New Zero-Day Exploitation of Ivanti Connect Secure VPN Devices with CVE-2025-0282 and CVE-2025-0283


On January 8, 2025, Ivanti announced two critical vulnerabilities impacting its Connect Secure (ICS) VPN appliances: CVE-2025-0282 and CVE-2025-0283. Notably, CVE-2025-0282 has been actively exploited in the wild since mid-December 2024. This vulnerability, an unauthenticated stack-based buffer overflow, allows remote code execution without authentication, posing a serious risk of further network compromise. Discovery and Response […]

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE


Overview

Apache has released a security update to address an important Apache Tomcat vulnerability (CVE-2024-56337) that could result in remote code execution (RCE) under certain conditions. This new CVE is closely tied to the earlier Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation (CVE-2024-50379), for which an incomplete mitigation was issued on December 17, […]

Kubernetes Dashboard: Features, Security Concerns, and Best Practices


The Kubernetes Dashboard is a popular web-based interface designed to simplify the management of Kubernetes clusters. It provides an intuitive UI that allows users to view and manage cluster resources without needing to work directly with command-line tools. However, while convenient, the Kubernetes Dashboard also presents specific security risks that should be carefully managed, especially […]

Ransomware’s Reach: Data Risks, IP Theft, and Encryption Takeover in the Cloud


In our previous article on Cloud Heists, we highlighted how attackers exploit credential theft and privilege escalation to take over cloud environments. However, ransomware poses an even broader threat, targeting cloud platforms to steal sensitive data, disrupt business operations, and hold companies hostage. In this post, we’ll explore these growing ransomware trends and offer insights […]

Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534)


A critical Remote Code Execution (RCE) vulnerability identified as CVE-2024-21534 has been discovered in versions of the jsonpath-plus package before 10.0.0. This vulnerability allows attackers to execute arbitrary code on affected systems by exploiting improper input sanitization and the unsafe default usage of the vm module in Node.js. jsonpath-plus is a JavaScript implementation of JSONPath […]

Analyzing the Latest CUPS RCE Vulnerability: Threats and Mitigations


Remote Code Execution (RCE) in CUPS via ‘cups-browsed’

CUPS (Common Unix Printing System) is a popular printing system for Unix-like systems, with cups-browsed responsible for printer discovery and network browsing. A recent vulnerability in cups-browsed allows Remote Code Execution (RCE) through manipulated printer discovery responses. This vulnerability is caused by insufficient input validation on UDP […]

Critical 9.9 Linux Bug Exposes Containers, Hosts and Endpoints to Remote Code Execution (RCE) Exploits


Several critical Linux vulnerabilities have been disclosed, involving a bug in CUPS, the Common UNIX Printing System. All versions of Red Hat Enterprise Linux (RHEL) are among the Linux distributions affected, but not in the default configuration. Four vulnerabilities have been identified and allocated the following CVEs – CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177. […]