Cloud Security Research & Threat Intelligence

Digital illustration of a large npm package box breaking apart under pressure with red light rays emitting from cracks, symbolizing a supply chain security threat.

144 Mastra npm Packages Compromised via Supply Chain Attack

A critical supply chain attack was disclosed affecting the entire @mastra/* npm scope, allowing attackers to deploy a cross-platform infostealer on any system that installed affected packages. Due to the potential for credential theft, cryptocurrency wallet compromise, and full system persistence, immediate remediation is required for all affected environments. Technical Overview The issue originates from …

June 17, 2026
By The Orca Research Pod

Latest

All Latest

Explore

Discovered Vulnerabilities

Digital illustration of a winding data stream that splits into two paths, one continuing with glowing blue particles and the other filled with glowing red particles.

How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers All Running Vulnerable Code

TL;DR When a critical nginx vulnerability hits the headlines, security teams patch nginx. But what if the same vulnerable code is running somewhere they’re not looking? While the rest of the industry was busy patching nginx, Orca’s Threat Research Team was asking a different question and the answer led us straight to Tengine. Tengine, Alibaba’s …

June 16, 2026
By Daniel Ufliand & Yonatan Levi

Cyber-themed illustration of a Linux SMB3 server with a broken padlock, symbolizing a missing lock vulnerability in ksmbd.

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

April 08, 2026

A stylized graphic of a pickle smashing into a pipeline

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

March 11, 2026

Stylized 3D visualization of an active cybersecurity exploit featuring glowing red computer code fragments and a central target aperture.

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

February 23, 2026

A stylized graphic of ominous clouds with a digitized skull on top

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

February 16, 2026

All Discovered Vulnerabilities

In the News

All In the News

2026 State of Application Security Report: When Development Velocity Outpaces Security

Get the Report

144 Mastra npm Packages Compromised via Supply Chain Attack

Latest

How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers All Running Vulnerable Code

Critical Langflow Path Traversal Flaw Exploited for Unauthenticated RCE

Critical PhpSpreadsheet RCE Patch Bypass Puts Millions at Risk

Critical Splunk Enterprise Vulnerabilities Allow Unauthenticated File Operations and Remote Code Execution

Explore

Discovered Vulnerabilities

How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers All Running Vulnerable Code

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

‘Orca Watch’ Series

144 Mastra npm Packages Compromised via Supply Chain Attack

Critical Langflow Path Traversal Flaw Exploited for Unauthenticated RCE

Critical PhpSpreadsheet RCE Patch Bypass Puts Millions at Risk

Critical Splunk Enterprise Vulnerabilities Allow Unauthenticated File Operations and Remote Code Execution

Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks

Technical Deep Dives

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Thought Leadership

Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook

Navigating Cloud Security in 2026: Join Cloud Security LIVE

Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production

AI Is Entering Your Infrastructure. Now what?

Beyond the Sticker Price: Understanding the True Cost of Your Security Tools

In the News

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2026 State of Application Security Report: When Development Velocity Outpaces Security

Featured

144 Mastra npm Packages Compromised via Supply Chain Attack

Latest

How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers All Running Vulnerable Code

Critical Langflow Path Traversal Flaw Exploited for Unauthenticated RCE

Critical PhpSpreadsheet RCE Patch Bypass Puts Millions at Risk

Critical Splunk Enterprise Vulnerabilities Allow Unauthenticated File Operations and Remote Code Execution

Discovered Vulnerabilities

How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers All Running Vulnerable Code

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

‘Orca Watch’ Series

144 Mastra npm Packages Compromised via Supply Chain Attack

Critical Langflow Path Traversal Flaw Exploited for Unauthenticated RCE

Critical PhpSpreadsheet RCE Patch Bypass Puts Millions at Risk

Critical Splunk Enterprise Vulnerabilities Allow Unauthenticated File Operations and Remote Code Execution

Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks

Technical Deep Dives

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Thought Leadership

Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook

Navigating Cloud Security in 2026: Join Cloud Security LIVE

Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production

AI Is Entering Your Infrastructure. Now what?

Beyond the Sticker Price: Understanding the True Cost of Your Security Tools

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2026 State of Application Security Report: When Development Velocity Outpaces Security