Cloud Security Research & Threat Intelligence

access key moving through digital pipeline

Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow

Executive Summary A high-impact Linux kernel vulnerability, currently without a verified public CVE or CVSS score, was disclosed affecting kernels prior to commit 31e62c2e. The issue allows a local unprivileged attacker to steal file descriptors from privileged processes during a narrow exit window, potentially exposing root-only files such as SSH host private keys and /etc/shadow. …

May 15, 2026
By Roi Nisimi

Latest

All Latest

Explore

Discovered Vulnerabilities

Cyber-themed illustration of a Linux SMB3 server with a broken padlock, symbolizing a missing lock vulnerability in ksmbd.

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Overview The Orca Security Research Pod discovered a use-after-free race condition in the Linux kernel’s ksmbd SMB3 server. When two connections share a session over SMB3 multichannel, the kernel can read a freed channel struct – exposing the per-channel AES-128-CMAC signing key and causing a kernel panic. An attacker needs valid SMB credentials and network …

April 08, 2026
By Igor Stepansky

A stylized graphic of a pickle smashing into a pipeline

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

March 11, 2026

Stylized 3D visualization of an active cybersecurity exploit featuring glowing red computer code fragments and a central target aperture.

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

February 23, 2026

A stylized graphic of ominous clouds with a digitized skull on top

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

February 16, 2026

A stylized graphic of a distorted pull request from GitHub on top of ominous clouds

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

February 04, 2026

All Discovered Vulnerabilities

In the News

All In the News

2026 State of Application Security Report: When Development Velocity Outpaces Security

Get the Report

Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow

Latest

TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack

Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root

Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution

Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace

Explore

Discovered Vulnerabilities

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

‘Orca Watch’ Series

Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated DoS and Potential RCE

TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack

Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root

Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution

Technical Deep Dives

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Thought Leadership

Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook

Navigating Cloud Security in 2026: Join Cloud Security LIVE

Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production

AI Is Entering Your Infrastructure. Now what?

Beyond the Sticker Price: Understanding the True Cost of Your Security Tools

In the News

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2026 State of Application Security Report: When Development Velocity Outpaces Security

Featured

Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow

Latest

TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack

Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root

Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution

Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace

Discovered Vulnerabilities

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

‘Orca Watch’ Series

Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated DoS and Potential RCE

TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack

Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root

Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution

Technical Deep Dives

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Thought Leadership

Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook

Navigating Cloud Security in 2026: Join Cloud Security LIVE

Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production

AI Is Entering Your Infrastructure. Now what?

Beyond the Sticker Price: Understanding the True Cost of Your Security Tools

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2026 State of Application Security Report: When Development Velocity Outpaces Security