Today, we’re excited to announce the release of the enhanced Upwind Threat Dashboard, part of our ongoing commitment to continuously improving how we help security teams protect their environments. Threat landscapes are evolving rapidly, and so are we. This upgrade builds on what customers already rely on, introducing powerful new capabilities that make it easier […]

On September 16, 2025, a large-scale npm supply chain attack was discovered, which seems to be linked to the same threat actors behind the August 27 Nx compromise (under ongoing investigation). Dubbed Shai Hulud, this self-propagating worm has infected nearly 40 npm packages, including several from CrowdStrike, by harvesting secrets from CI/CD pipelines and cloud […]

Today, we’re introducing the Upwind Serverless Framework, a new runtime-first compliance framework purpose-built for serverless environments. Upwind has long provided runtime visibility into serverless workloads; this framework builds on that foundation by aligning real-time behavior with compliance controls, making it easier to detect misconfigurations, enforce least privilege, and surface risks that matter. It helps security […]

August 21, 2025 – CrowdStrike disclosed ongoing activity by MURKY PANDA, a state-aligned Chinese espionage group purpose-built for the cloud. Unlike many threat actors who adapt legacy tactics, MURKY PANDA designs operations around cloud-native infrastructure from the ground up. Their latest campaign combines a Linux malware strain, a Commvault zero-day exploit, and identity abuse in Microsoft […]

In today’s fast-paced development environments, the speed of software delivery has outpaced traditional security workflows. APIs are often published before they’re reviewed, cloud resources are deployed via automation, and new vulnerabilities emerge in runtime that never existed in dev or staging. It’s estimated that over 50% of data breaches by 2025 will originate from unprotected […]

On September 8, 2025, one of the largest npm supply chain incidents in recent history unfolded. Popular libraries like debug and chalk along with 16 other utilities were hijacked and pushed to npm with malicious code targeting cryptocurrency wallets and blockchain transactions. These packages collectively have billions of weekly downloads, making this compromise both widespread […]

A critical vulnerability was disclosed in Argo CD, a popular GitOps continuous delivery tool. This flaw allows project-level API tokens to retrieve sensitive repository credentials such as usernames and passwords, even when those tokens do not have explicit permissions to access secrets. Overview Argo CD uses project-level tokens to automate deployment workflows and manage applications.Due […]

APIs are the foundation of modern software. From mobile apps to cloud-native platforms, they allow services to communicate, scale, and deliver value quickly. In fact, more than 70% of all internet traffic flows through APIs today, which makes them both essential and high-risk. But as APIs have become more critical, they’ve also become one of […]

In the cloud, time is always against you. Every moment a critical vulnerability lingers unpatched is an opening for attackers. Security scans often surface hundreds, or even thousands, of findings at once, assigning SLAs (Service Level Agreements) based on outdated or irrelevant information. For most teams, this means hours lost triaging findings instead of closing […]

On August 26, 2025, the popular Nx build system package was compromised in a sophisticated supply-chain attack. Malicious versions of Nx and related packages were published to npm, embedding malware that scanned developer environments for sensitive credentials and exfiltrated them. This attack stands out not only because of its impact with thousands of developers who […]