Research
Part 2: Attackers Love Your GitHub Actions Too
In Part 1 of this blog series, we learned about GitHub Actions and their risks—now comes the fun part. It’s...
Research
Research
Part 1: Attackers Love Your GitHub Actions Too
Why do attackers love GitHub Actions, and why should you care? The answer lies in a dangerous combination of widespread...
Discovered Vulnerabilities
New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks
This week, three new high-severity vulnerabilities were revealed in runC, the fundamental runtime technology used by most container platforms. This...
Discovered Vulnerabilities
CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited
On October 23rd, Microsoft released an unusual out-of-band security patch for CVE-2025-59287, a remote code execution vulnerability in WSUS (Windows...
Thought Leadership
Supply Chain Attacks: What Are They and Why Should You Care?
Few threats capture the complexity of today’s digital ecosystem quite like supply chain attacks. These incidents don’t just exploit technical...
Discovered Vulnerabilities
pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain
Executive summary We have managed to successfully compromise repositories owned by Microsoft, Google, Nvidia and many more using a single...
Discovered Vulnerabilities
pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks
Executive Summary: The Orca Research Pod has uncovered critical security risks across several high-profile open source repositories that relied on...
Discovered Vulnerabilities
Massive npm Malware Campaign Infects Popular Packages, @ctrl/tinycolor Affected
TL;DR A new software supply chain attack has been identified, targeting the npm registry and this time impacting more than...
Discovered Vulnerabilities
NPM Packages Compromised: Maintainer ‘qix’ Hacked
Reports have emerged of a major supply chain attack impacting numerous NPM packages maintained by the developer known as “qix.”...