Cloud Security Research & Threat Intelligence

Digital illustration of a shattered software supply chain, featuring a central glowing cracked cube and broken chain links against a cloudscape.

Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace

AI-powered coding agents are transforming software development, and with them, a new ecosystem of “skills“, or reusable prompt-based extensions that augment agent capabilities, is emerging. Marketplaces have appeared where developers can discover and install these skills directly into their AI coding tools. But as with any software supply chain, the question isn’t just “what can …

May 05, 2026
By Roi Nisimi

Latest

All Latest

Explore

Discovered Vulnerabilities

Cyber-themed illustration of a Linux SMB3 server with a broken padlock, symbolizing a missing lock vulnerability in ksmbd.

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Overview The Orca Security Research Pod discovered a use-after-free race condition in the Linux kernel’s ksmbd SMB3 server. When two connections share a session over SMB3 multichannel, the kernel can read a freed channel struct – exposing the per-channel AES-128-CMAC signing key and causing a kernel panic. An attacker needs valid SMB credentials and network …

April 08, 2026
By Igor Stepansky

A stylized graphic of a pickle smashing into a pipeline

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

March 11, 2026

Stylized 3D visualization of an active cybersecurity exploit featuring glowing red computer code fragments and a central target aperture.

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

February 23, 2026

A stylized graphic of ominous clouds with a digitized skull on top

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

February 16, 2026

A stylized graphic of a distorted pull request from GitHub on top of ominous clouds

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

February 04, 2026

All Discovered Vulnerabilities

In the News

All In the News

2026 State of Application Security Report: When Development Velocity Outpaces Security

Get the Report

Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace

Latest

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

Xinference PyPI package compromise leads to full environment takeover

Checkmarx supply chain compromise exposes CI/CD secrets

Explore

Discovered Vulnerabilities

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

‘Orca Watch’ Series

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

Technical Deep Dives

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Thought Leadership

Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook

Navigating Cloud Security in 2026: Join Cloud Security LIVE

Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production

AI Is Entering Your Infrastructure. Now what?

Beyond the Sticker Price: Understanding the True Cost of Your Security Tools

In the News

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2026 State of Application Security Report: When Development Velocity Outpaces Security

Featured

Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace

Latest

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

Xinference PyPI package compromise leads to full environment takeover

Checkmarx supply chain compromise exposes CI/CD secrets

Discovered Vulnerabilities

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

‘Orca Watch’ Series

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

Technical Deep Dives

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Thought Leadership

Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook

Navigating Cloud Security in 2026: Join Cloud Security LIVE

Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production

AI Is Entering Your Infrastructure. Now what?

Beyond the Sticker Price: Understanding the True Cost of Your Security Tools

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2026 State of Application Security Report: When Development Velocity Outpaces Security