Upwind Security

Quick trip down to San Diego to spend time with some of my favorite people — Eric Goldstein, Jake Martens, Farzan Sharifzada, Moudy Elbayadi, Ph.D., Sara Sullivan — and celebrate EVOTEK’s partnership with Upwind Security. We had the chance to unveil their signage at Petco Park, home of the San Diego Padres — such a great moment to recognize the momentum we’re building together. What made the day even more meaningful is that it came just hours after Upwind identified an active zero-day supply chain attack in npm. They’re already working closely with customers to investigate, contain, and understand the full scope. They’re calling it “Nodes to Snakes” — and it’s a strong reminder of how critical speed, expertise, and partnership are in moments like this. Looking forward to what we build together next. Let’s go! Cesar Enciso Ned Engelke Matt Shufeldt Brad Clayton

It’s AWS Summit season! We’re excited to be across Bengaluru, Singapore, and Sydney. Come meet the Upwind team and discover how we’re redefining modern cloud security with a true runtime-first approach, and why we’ve been selected as an AWS CNAPP Partner of Choice in AWS Security Hub. Join us for live demos, great conversations, and a few surprises along the way. Looking to connect 1:1? Book time with us onsite 👉 https://lnkd.in/gMZaVDmD See you there 🏄♂️ Up & Up #AWSSummit #CloudSecurity #AWS #CNAPP #AWSSecurityHub Gavin Marc Anthony Simarpreet Nelson Lavi Megan Ryan Himanshu Cheyenne Ariel Prabhjot

🏄♂️ Customer obsessed!

🚨 Active Zero-Day Alert: The threat research team at Upwind Security has identified and is actively responding to a new, highly evasive supply chain attack in npm dubbed "Nodes to Snakes." This isn't a spray-and-pray campaign. Malicious packages are deploying scripts that fingerprint the host environment before pulling a second-stage payload, completely evading traditional static and sandbox detection. These threats aren't hacked into your system; they are invited in through trusted dependencies. If you rely on external npm packages, it is urgent that you verify what is actually executing in your environment at runtime, not just what was installed. 🔗 Read Upwind’s full technical breakdown and ongoing updates here: https://lnkd.in/gDa9Xgxh

We're welcoming Drata to the Upwind Lineup, our tech alliance program, and this one solves a problem we hear about constantly. Cloud security has improved visibility. But proving it is still a challenge. Security teams can see risk in real time. But when audits, reviews, or enterprise deals come around, they're still pulling screenshots, chasing down evidence, and stitching together point-in-time snapshots of a constantly changing environment. The security reality and the compliance record live in two different worlds. That gap is exactly where this partnership begins. Upwind provides the runtime context, what's actually happening in your environment right now: which vulnerabilities are truly exploitable, which identities are actively in use, which workloads and APIs are behaving abnormally. It's live signal, not stale data. Drata takes that signal and maps it to controls, creating continuous, audit-ready evidence without manual exports. The result is a clean flow: runtime signal → mapped control → continuous proof. Instead of last-minute audit scrambles and fragmented documentation, teams get a compliance posture that reflects their actual security posture, at all times. Because in modern cloud environments, trust isn't a report you generate once a quarter. It's something you should be able to prove at any moment. Excited to build this out with the Drata team. 🤝 Up & Up! 🏄♂️

We’re in the middle of another wave of supply chain attacks, and this one is already active 🚨 We’ve identified an active zero-day supply chain attack in npm, and we’re working with customers right now to investigate, contain, and understand the scope. Here’s what we know so far, on what we're calling Nodes to Snakes:  • A malicious package pulls a Python script (ld.py) from a remote source  • The script fingerprints the host and builds a unique identifier  • Only then does it retrieve the second stage, likely to evade static and sandbox-based detection  • Data is exfiltrated over port 8000 after being encoded and tied to that unique host signature  • The attacker bypasses standard OS commands, directly accessing low-level system artifacts  • Includes continuous monitoring of the process tree and attempts to extract sensitive data This is not a spray-and-pray attack. It’s selective. It profiles the environment first, then decides how to proceed, a clear attempt to stay ahead of traditional detection approaches. We identified this early and are actively supporting impacted customers while continuing to analyze new samples in real time. What we’re focused on now:  • Understanding second-stage delivery conditions  • Tracking how stolen data and credentials are being used  • Identifying indicators that can help teams detect this before damage is done Supply chain attacks like this don’t break in, they’re invited in through trusted dependencies. And once inside, they operate at runtime, where visibility is often limited. Our threat research team is on standby and will continue sharing validated findings as they come in. If your team needs support, please reach out we are here to help. If you're running workloads that rely on external npm packages, it's urgent that you go and verify what’s actually executing in your environment, not just what was installed. More updates coming soon. For updates and current details, see our blog via link in comments.

Why Salesforce Ventures sees runtime as foundational to the future of cloud security ☁️   Security and DevOps teams are looking for more than visibility. They want guidance they can act on so they can move fast, and Salesforce Ventures believes Upwind’s focus on runtime makes that possible with meaningful ROI.   Runtime is not just for detection and response. It can fundamentally improve the entire security stack. When runtime is brought into CSPM, vulnerability management, and data security, teams get better context and a more actionable way to secure cloud environments.   The same shift is already shaping what comes next, from AI security to application security.   Watch the full interview via link in comments below.   Up & Upwind! 🌊 Amiram Shachar

What a special week in SF at the High Tide House 🌁🌊 This week, we brought the Upwind High Tide House to San Francisco for the biggest week in cybersecurity and created something we're really proud of: a calm in the middle of the storm for security teams and leaders to connect, recharge, and just be in community. All week, the house was full of builders, security leaders, and friends of the community. From early coffee chats to late-night conversations, from new connections to familiar faces, this is exactly what we hoped it would be. We’ll share more from each moment throughout the week. To everyone who stopped by for a coffee, grabbed something from the surf shop, caught a ride on our pedicab, laced up for Cyberkicks, or just sat down for a real conversation, thank you. This is exactly why we created this experience. 💙 Up & Up. 🤙