Executive Summary Our researchers and MDR team identified an npm supply chain attack involving malicious axios packages that leads to the execution of a Python-based payload on infected machines. The malware fingerprints the host, collects basic system and user environment data, and then communicates with attacker-controlled infrastructure to receive follow-on instructions. Rather than acting noisily, […]

Executive Summary Large Language Models now sit directly on the edge of production systems. They respond to API calls, generate code, retrieve internal knowledge, and execute workflows, all while accepting free-form input from users they do not control. That input is not structured, validated, or predictable. It is language. And language can be manipulated. This […]

Executive Summary On March 19-20, 2026, the Trivy supply chain incident impacted the trivy project and the GitHub Actions many teams rely on to install and run Trivy in CI/CD pipelines. Late Thursday night, Upwind’s MDR team observed observed anomalous Trivy activity inside a customer environment that deviated from established runtime baselines. The team identified […]

Executive Summary: The Three-Headed Mystery Shai-Hulud 3.0, the sandworm, is back. But is it a new monster, or just the same old worm with a new trick? The security community is currently buzzing about rumors of “Shai-Hulud 3.0.” Reports suggest the sandworm has returned and panic levels are high. But when we look at the […]

A severe flaw has been discovered in Apache Tika, the widely adopted framework for document parsing and content extraction. Tracked as CVE-2025-66516 with a CVSS score of 10.0, the issue enables XML External Entity (XXE) attacks through specially crafted PDF files. This new advisory replaces CVE-2025-54988. Although the earlier notice pointed to the PDF parser […]

We are excited to announce a major expansion of the Upwind Runtime Attack Surface Management. This release extends support for GCP, OCI, and Azure resources, bringing true multi-cloud parity while deepening AWS support with expanded support for AWS Lambda, SNS, Elasticache, and Redis. Beyond coverage, we are introducing Deep Data Scanning – a new ASM […]

Today, we’re expanding the Upwind CNAPP with Upwind AI, a set of tightly integrated capabilities that take AI security far beyond configuration checks or endpoint monitoring. As AI becomes embedded in every layer of cloud infrastructure, security teams need a way to understand not just where AI is running, but how it behaves, what it […]

On October 3rd, Redis published an advisory for a critical vulnerability in its Lua engine that could lead from a memory leak to remote code execution. It was initially, and surprisingly, assigned a CVSS 3.1 score of 10.0. While the score has since been debated and adjusted, the core issue remains: an attacker with privileges […]

A critical vulnerability was disclosed in Argo CD, a popular GitOps continuous delivery tool. This flaw allows project-level API tokens to retrieve sensitive repository credentials such as usernames and passwords, even when those tokens do not have explicit permissions to access secrets. Overview Argo CD uses project-level tokens to automate deployment workflows and manage applications.Due […]

Overview: CVE-2025-23266 is a container‑escape vulnerability (CVSS 9.0) affecting the NVIDIA Container Toolkit and GPU Operator. While this vulnerability requires multiple specific conditions, it has the potential to allow a malicious container image to escape its sandbox and execute code as root on the host. NVIDIA has released patched versions of both components. Upgrading to Toolkit v1.17.8  and  GPU Operator 25.3.1 […]