s1ngularity Supply Chain Attack: What It Means for Cloud and AI Security
On August 26, 2025, the open-source ecosystem was shaken by a new supply chain attack that targeted Nx, a popular...
On August 26, 2025, the open-source ecosystem was shaken by a new supply chain attack that targeted Nx, a popular...
Executive summary We have managed to successfully compromise repositories owned by Microsoft, Google, Nvidia and many more using a single...
Executive Summary: The Orca Research Pod has uncovered critical security risks across several high-profile open source repositories that relied on...
Microsoft pushed out-of-band fixes for on-premise SharePoint Servers after attackers chained CVE-2025-53770 and CVE-2025-53771. The chain bypasses SharePoint chain vulnerabilities,...
Executive Summary: The Orca Research Pod has discovered CVE-2025-48710 in kro (Kube Resource Orchestrator) where an attacker could introduce a malicious CustomResourceDefinition...
It will come as no surprise that Kubernetes deployments are growing exponentially across many industries. According to the Cloud Native...
Microsoft recently advised of a critical TCP/IP Remote Code Execution Vulnerability dubbed CVE 2024-38063, which is a critical unauthenticated Remote...
Table of contentsExecutive Summary:What are Azure, Gcloud and AWS CLI?Exposure of Serverless environment variablesAWS CLI LeakageGcloud CLI LeakageExploitation Proof of...
On January 31st, Snyk unveiled the discovery of four novel container vulnerabilities that target the runC and BuildKit components within...
The Orca Research Pod has uncovered a dangerous loophole in Google Kubernetes Engine (GKE) that could allow an attacker with...