Accelerate Cloud Investigation With Blue Agent
The AI threat landscape is moving faster on both sides. Attackers are using AI to scale campaigns, accelerate exploit development, and move faster from discovery to execution. Defenders need AI that helps them keep pace without adding noise or pulling teams away from the work that matters most. Prioritization helps teams focus on the risks […]
The AI Threat Landscape Demands a New Cloud Security Model
This week, the Shai-Hulud npm campaign showed how quickly a compromised package can move through the software supply chain, jumping across trusted dependencies and reaching build pipelines before many teams even knew what they were looking at. But this is not just an npm story, and it is not just a story about one campaign. […]
From Nodes to Snakes: npm Supply Chain Attack Delivers Python Payload via axios
Executive Summary: Our researchers and MDR team identified an npm supply chain attack involving malicious axios packages that leads to the execution of a Python-based payload on infected machines. The malware fingerprints the host, collects basic system and user environment data, and then communicates with attacker-controlled infrastructure to receive follow-on instructions. Rather than acting noisily, […]
Building Trusted LLM Security Operations with NVIDIA Nemotron
Executive Summary: Large Language Models now sit directly on the edge of production systems. They respond to API calls, generate code, retrieve internal knowledge, and execute workflows, all while accepting free-form input from users they do not control. That input is not structured, validated, or predictable. It is language. And language can be manipulated. This […]
Trivy Supply Chain Incident: GitHub Actions Compromise Breakdown
Executive Summary: On March 19-20, 2026, the Trivy supply chain incident impacted the trivy project and the GitHub Actions many teams rely on to install and run Trivy in CI/CD pipelines. Late Thursday night, Upwind’s MDR team observed anomalous Trivy activity inside a customer environment that deviated from established runtime baselines. The team identified […]
Shai-Hulud 3.0: npm Supply Chain Worm Reappears With Enhanced Obfuscation
Executive Summary: The Three-Headed Mystery Shai-Hulud 3.0, the sandworm, is back. But is it a new monster, or just the same old worm with a new trick? The security community is currently buzzing about rumors of “Shai-Hulud 3.0.” Reports suggest the sandworm has returned and panic levels are high. But when we look at the […]
Apache Tika XXE Vulnerability (CVE-2025-66516) – Critical PDF Parsing Exploit
A severe flaw has been discovered in Apache Tika, the widely adopted framework for document parsing and content extraction. Tracked as CVE-2025-66516 with a CVSS score of 10.0, the issue enables XML External Entity (XXE) attacks through specially crafted PDF files. This new advisory replaces CVE-2025-54988. Although the earlier notice pointed to the PDF parser […]
Expanding CSPM with Runtime Advantage: Deep Data Scanning & Multi-Cloud Parity
We are excited to announce a major expansion of the Upwind Runtime Attack Surface Management. This release extends support for GCP, OCI, and Azure resources, bringing true multi-cloud parity while deepening AWS support with expanded support for AWS Lambda, SNS, ElastiCache, and Redis. Beyond coverage, we are introducing Deep Data Scanning – a new ASM […]
Introducing Upwind’s Unified AI Protection, Built for Modern Cloud Environments
Today, we’re expanding the Upwind CNAPP with Upwind AI, a set of tightly integrated capabilities that take AI security far beyond configuration checks or endpoint monitoring. As AI becomes embedded in every layer of cloud infrastructure, security teams need a way to understand not just where AI is running, but how it behaves, what it […]
Redis, Lua, and the Dangers In-Between
On October 3rd, Redis published an advisory for a critical vulnerability in its Lua engine that could lead from a memory leak to remote code execution. It was initially, and surprisingly, assigned a CVSS 3.1 score of 10.0. While the score has since been debated and adjusted, the core issue remains: an attacker with privileges […]



