Get a Demo
Under Attack?

research

cryptography-framework

From “Encrypt Everything” to “Encrypt for the Quantum Era”: The Upwind Cloud Cryptography Framework

For most of the last decade, cloud security teams have lived by a simple slogan: encrypt everything. Encrypt at rest. Encrypt in transit. Use customer-managed keys. Rotate them. Pass the audit. Move on. That slogan just expired. In August 2024, NIST finalized the first three post-quantum cryptography (PQC) standards and explicitly told organizations: start using…
Miasma: A Worming npm Supply Chain Attack on Red Hat Cloud Services

Miasma: A Worming npm Supply Chain Attack on Red Hat Cloud Services

Executive Summary On June 1, 2026, unauthorized commits were pushed to repositories in the RedHatInsights GitHub organization and used to publish malicious versions of 32 packages under the @redhat-cloud-services npm scope.The campaign, tracked as Miasma, executes a 4.2 MB obfuscated payload through an npm preinstall hook the moment any of these packages is installed, directly…
npm Malware Built for CI:CD and Cloud Compromise

The New Face of Supply Chain Attacks: npm Malware Built for CI/CD and Cloud Compromise

Executive Summary Upwind is tracking an active software supply chain campaign impacting multiple npm packages commonly used across developer tooling, frontend frameworks, CI/CD pipelines, and cloud-native application environments. We identified malicious payloads designed specifically to target CI/CD systems, cloud identities, GitHub credentials, npm publishing workflows, developer machines, and AI developer tooling. The campaign includes install-time…
Shai-Hulud: Here We Go Again – Dissecting a Supply Chain Worm Across the TanStack Ecosystem
Shai-Hulud: Here We Go Again – Dissecting a Supply Chain Worm Across the TanStack Ecosystem

Shai-Hulud: Here We Go Again – Dissecting a Supply Chain Worm Across the TanStack Ecosystem

Executive Summary A new wave of the Mini Shai-Hulud campaign compromised dozens of official @tanstack/* npm packages by abusing CI/CD publishing workflows and trusted npm release mechanisms. Unlike traditional dependency malware focused only on downstream execution, this operation behaves as a self-propagating supply chain worm designed to continuously spread across repositories, developer environments, and CI/CD…
Mini Shai-Hulud npm worm

A Mini Shai-Hulud Has Appeared: Dissecting a Multi-Vector npm Supply Chain Worm

TL;DR: [email protected] is malicious. It uses Bun runtime smuggling for EDR evasion, scrapes GitHub Actions runner memory for secrets, harvests credentials from every major cloud provider and secrets management system, exfiltrates through RSA-4096 encrypted channels, injects a secret-dumping GitHub Actions workflow disguised as Dependabot, poisons every branch of compromised repos with files disguised as Claude…
Shai-Hulud Strikes Again: intercom-client@7.0.4
Shai-Hulud Strikes Again: [email protected]

[email protected] Supply Chain Attack Enables Credential Theft: Shai-Hulud Strikes Again

Executive Summary [email protected] is a compromised npm package used in a supply chain attack to steal GitHub, npm, and multi-cloud credentials. The malicious version introduces a preinstall hook that executes an obfuscated payload, harvesting secrets and exfiltrating them via GitHub APIs. This activity is part of the Shai-Hulud worm campaign targeting CI/CD pipelines. Detection Summary…
LiteLLM Supply Chain Breakdown
LiteLLM Supply Chain Breakdown

LiteLLM Supply Chain Breakdown

Executive Summary On March 24, 2026, the popular Python LLM proxy library litellm suffered a critical software supply chain compromise when malicious versions 1.82.7 and 1.82.8 were published directly to PyPI, bypassing the project's normal GitHub-based release process. At the same time, our security team detected malicious commands being executed on CI/CD runners across different…
Upwind-Nemotron

Building Trusted LLM Security Operations with NVIDIA Nemotron

Executive Summary Large Language Models now sit directly on the edge of production systems. They respond to API calls, generate code, retrieve internal knowledge, and execute workflows, all while accepting free-form input from users they do not control. That input is not structured, validated, or predictable. It is language. And language can be manipulated. This…
Trivy Supply Chain Attack: GitHub Actions Compromise
Trivy Supply Chain Attack: GitHub Actions Compromise

Trivy Supply Chain Incident: GitHub Actions Compromise Breakdown

Executive Summary On March 19-20, 2026, the Trivy supply chain incident impacted the trivy project and the GitHub Actions many teams rely on to install and run Trivy in CI/CD pipelines. Late Thursday night, Upwind’s MDR team observed observed anomalous Trivy activity inside a customer environment that deviated from established runtime baselines. The team identified…
Amazon Bedrock Security
Amazon Bedrock Security

Amazon Bedrock Security: Everything Security Practitioners Need to Know

Amazon Bedrock is AWS’s managed platform for building generative AI applications using foundation models, agents, and Retrieval-Augmented Generation (RAG). It allows organizations to integrate powerful language models directly into their AWS environments, connecting probabilistic AI systems with deterministic cloud services such as IAM, S3, and Lambda. But for cloud security teams, this integration creates a…
CrackArmor: AppArmor Flaws Enable Local Privilege Escalation to Root
CrackArmor: AppArmor Flaws Enable Local Privilege Escalation to Root

CrackArmor: AppArmor Flaws Enable Local Privilege Escalation to Root

Executive Summary CrackArmor is a group of vulnerabilities affecting the Linux kernel AppArmor security module that allow local attackers to interfere with how AppArmor security profiles are managed and enforced. By abusing weaknesses in policy management and kernel profile parsing logic, an attacker with limited system access may weaken AppArmor protections or escalate privileges to…
hackerbot-claw Operation Review: Pull Requests as an Attack Vector in GitHub Actions
hackerbot-claw Operation Review: Pull Requests as an Attack Vector in GitHub Actions

hackerbot-claw Operation Review: Pull Requests as an Attack Vector in GitHub Actions

Executive Summary In February 2026, an autonomous bot named hackerbot-claw exploited insecure GitHub Actions configurations across multiple high-profile repositories. The campaign abused unsafe pull_request_target triggers, unsanitized inputs, dynamic shell execution, and overprivileged GITHUB_TOKEN permissions to achieve remote code execution (RCE) in GitHub-hosted runners. Across at least six repositories, the bot successfully executed arbitrary commands, and…