Introducing Upwind Attack Surface Management: Find the Exposures That Matter Before Attackers Do
We’re excited to announce Upwind Attack Surface Management (ASM), a new way for security teams to discover unknown attack surfaces, understand risk exposure, and prioritize the issues that matter most. Security teams have spent years improving visibility across their environments….
Investigate Faster, Detect Smarter: The Next Wave of Upwind AI Threat Detection
The moment an attacker initiates access to your network, evidence starts to appear, and in that moment, detections start to fire. That’s the moment you just start the hard part of investigating and discovering the true attack chain. Our goal…
Miasma: A Worming npm Supply Chain Attack on Red Hat Cloud Services
Executive Summary On June 1, 2026, unauthorized commits were pushed to repositories in the RedHatInsights GitHub organization and used to publish malicious versions of 32 packages under the @redhat-cloud-services npm scope. The campaign, tracked as Miasma, executes a 4.2 MB…
Validate Real Cloud Risk with Red, the Validation Agent
After teams identify the risks that matter, the next challenge is proving which ones are actually exploitable. Severity scores, exposure labels, and long lists of findings can point teams in the right direction, but they do not always show whether…
Accelerate Cloud Security Investigations with Blue, the SecOps Agent
The AI threat landscape is moving faster on both sides. Attackers are using AI to scale campaigns, accelerate exploit development, and move faster from discovery to execution. Defenders need AI that helps them keep pace without adding noise or pulling…
The AI Threat Landscape Demands a New Cloud Security Model
This week, the Shai-Hulud npm campaign showed how quickly a compromised package can move through the software supply chain, jumping across trusted dependencies and reaching build pipelines before many teams even knew what they were looking at. But this is…
From Nodes to Snakes: npm Supply Chain Attack Delivers Python Payload via axios
Executive Summary Our researchers and MDR team identified an npm supply chain attack involving malicious axios packages that leads to the execution of a Python-based payload on infected machines. The malware fingerprints the host, collects basic system and user environment…
Building Trusted LLM Security Operations with NVIDIA Nemotron
Executive Summary Large Language Models now sit directly on the edge of production systems. They respond to API calls, generate code, retrieve internal knowledge, and execute workflows, all while accepting free-form input from users they do not control. That input…
Trivy Supply Chain Incident: GitHub Actions Compromise Breakdown
Executive Summary On March 19-20, 2026, the Trivy supply chain incident impacted the trivy project and the GitHub Actions many teams rely on to install and run Trivy in CI/CD pipelines. Late Thursday night, Upwind’s MDR team observed observed anomalous…
Shai-Hulud 3.0: npm Supply Chain Worm Reappears With Enhanced Obfuscation
Executive Summary: The Three-Headed Mystery Shai-Hulud 3.0, the sandworm, is back. But is it a new monster, or just the same old worm with a new trick? The security community is currently buzzing about rumors of “Shai-Hulud 3.0.” Reports suggest…