Discovered Vulnerabilities
Massive npm Malware Campaign Infects Popular Packages, @ctrl/tinycolor Affected
TL;DR A new software supply chain attack has been identified, targeting the npm registry and this time impacting more than...
Research
Discovered Vulnerabilities
NPM Packages Compromised: Maintainer ‘qix’ Hacked
Reports have emerged of a major supply chain attack impacting numerous NPM packages maintained by the developer known as “qix.”...
Discovered Vulnerabilities
s1ngularity Supply Chain Attack: What It Means for Cloud and AI Security
On August 26, 2025, the open-source ecosystem was shaken by a new supply chain attack that targeted Nx, a popular...
Research
10 Most Popular AI Models of 2025
According to Gartner, worldwide spending on generative AI is set to reach $644 billion (USD) in 2025, a nearly 77%...
Report
2025 Gartner® Market Guide for CNAPP
2025 Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP) Read the report to learn why Gartner is recommending that...
‘Orca Watch’ Series
New ‘ToolShell’ Exploit Chain Targets SharePoint Servers via CVE-2025-53770 and CVE-2025-53771
Microsoft pushed out-of-band fixes for on-premise SharePoint Servers after attackers chained CVE-2025-53770 and CVE-2025-53771. The chain bypasses SharePoint chain vulnerabilities,...
Microsoft Azure
Azure Machine Learning Escalation: When Pipelines Go Off the Rails
Table of contentsExecutive summaryA quick introduction to Azure Machine LearningHow AML pipelines are commonly usedHow the privilege escalation vulnerability could...
Orca Platform
Improved Cloud Understanding by Connecting Amazon Q to the Orca MCP Server
When we first announced the Orca MCP Server, we showed some examples with Claude and with Cursor. In this blog,...
Cloud Security Insights
2025 State of Cloud Security Report: Cloud Risks Surge Amid Expanding AI Adoption
Today, we’re excited to release the 2025 State of Cloud Security Report, which reveals deep insights uncovered by the Orca...