Roi Nisimi, Author at Orca Security

Xinference PyPI package compromise leads to full environment takeover

Application Security

Xinference PyPI package compromise leads to full environment takeover

Table of contentsWhat is the Xinference PyPI Package Compromise ?Assessing the Impact: Credential Theft and Full Environment TakeoverHow to Mitigate...

Roi Nisimi

Apr 23, 2026

Checkmarx supply chain compromise exposes CI/CD secrets

Application Security

Checkmarx supply chain compromise exposes CI/CD secrets

Table of contentsWhat is the Checkmarx Supply Chain Compromise ?Impact of the TeamPCP Campaign: Credential Theft and Lateral MovementMitigation RecommendationsHow...

Roi Nisimi

Apr 23, 2026

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

‘Orca Watch’ Series

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

Executive Summary A severe malware incident (no formal CVE yet, but tracked as a high‑risk supply chain compromise) was disclosed...

Roi Nisimi

Mar 25, 2026

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

‘Orca Watch’ Series

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

Table of contentsExecutive summaryIntroductionWhy GitHub Actions Are a New Frontier for AttackersWhat Happened?What Is the Impact?How HackerBot-Claw Works (Attack Chain)Scan...

Roi Nisimi

Mar 04, 2026

Post-Exploitation at Scale: The Rise of AILM

Research

Post-Exploitation at Scale: The Rise of AILM

AILM (AI-Induced Lateral Movement) is a new post-exploitation attack-vector where the pivot mechanism isn’t a subnet or an identity, but...

Roi Nisimi Saurav Hiremath

Feb 26, 2026

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

Discovered Vulnerabilities

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

We forced GitHub to prompt-inject itself. It allowed us to control Copilot’s responses and exfiltrate Codespaces’ GITHUB_TOKEN secret. The end...

Roi Nisimi

Feb 16, 2026

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

Discovered Vulnerabilities

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

Executive Summary The Orca Research Pod has uncovered multiple attack vectors in GitHub Codespaces that allow remote code execution (RCE)...

Roi Nisimi

Feb 04, 2026

Critical unauthenticated RCE in n8n (CVE-2026-21858, CVSS 10.0) allows full instance takeover

‘Orca Watch’ Series

Critical unauthenticated RCE in n8n (CVE-2026-21858, CVSS 10.0) allows full instance takeover

A critical vulnerability (CVE-2026-21858, CVSS score 10.0) was disclosed affecting the n8n workflow automation platform, allowing attackers to remotely execute...

Roi Nisimi

Jan 07, 2026

Critical 9.3 Severity LangChain Serialization Flaw Enables Secret Theft

‘Orca Watch’ Series

Critical 9.3 Severity LangChain Serialization Flaw Enables Secret Theft

A critical vulnerability (CVE-2025-68664, CVSS 9.3) was disclosed affecting the LangChain open-source LLM framework, allowing attackers to steal sensitive data...

Roi Nisimi

Dec 25, 2025

All articles by Roi Nisimi

Xinference PyPI package compromise leads to full environment takeover

Checkmarx supply chain compromise exposes CI/CD secrets

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

Post-Exploitation at Scale: The Rise of AILM

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

Critical unauthenticated RCE in n8n (CVE-2026-21858, CVSS 10.0) allows full instance takeover

Critical 9.3 Severity LangChain Serialization Flaw Enables Secret Theft

See Orca Security in Action

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons