Tohar Braun, Author at Orca Security

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

‘Orca Watch’ Series

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

A supply chain compromise moved from CI pipelines into the npm ecosystem, stealing secrets, hijacking packages, and persisting on developer...

Tohar Braun

Mar 23, 2026

React and Next.js Vulnerabilities Enable Remote Code Execution

‘Orca Watch’ Series

React and Next.js Vulnerabilities Enable Remote Code Execution

A critical vulnerability was announced today affecting React Server Components (RSC), which affects React (CVE-2025-55182) and all frameworks using RSC,...

Tohar Braun

Dec 03, 2025

OWASP Non-Human Identities Top 10:Forging a New Standard in Cloud Security

Research

OWASP Non-Human Identities Top 10:Forging a New Standard in Cloud Security

Table of contentsWhat is the OWASP Non-Human Identities Top 10 Project?A deep dive into the NHI Top 101. NHI1:2025 -...

Bar Kaduri Tohar Braun

Jan 21, 2025

Addressing CrowdStrike on Cloud VMs in AWS with Automated Remediation

‘Orca Watch’ Series

Addressing CrowdStrike on Cloud VMs in AWS with Automated Remediation

Remediating an issue like today’s outage on Windows machines with the CrowdStrike Falcon Sensor at cloud scale can be particularly...

Tohar Braun

Jul 19, 2024

2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes

‘Orca Watch’ Series

2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes

The state of cloud security is a dynamic and ever-evolving landscape, as both attackers and defenders continuously adapt their tactics...

Bar Kaduri Tohar Braun

Jun 20, 2023

Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable

Research

Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable

In recent years, supply chain attacks targeting software developers and suppliers have become increasingly common. The primary objective of these...

Tohar Braun Lidor Ben Shitrit

May 09, 2023

Meet IAM APE: An Open Source Tool to Simplify AWS IAM Policy Management

Amazon Web Services

Meet IAM APE: An Open Source Tool to Simplify AWS IAM Policy Management

We're excited to announce the release of our new free community cloud security tool IAM AWS Policy Evaluator (IAM APE),...

Tohar Braun

Mar 09, 2023

GCP Organization Policies: Governing Your Inheritance

Google Cloud

GCP Organization Policies: Governing Your Inheritance

A GCP Organization is the top node of the permissions hierarchy, making policies defined at this level powerful, automatically applying...

Tohar Braun

Apr 20, 2022

CVE-2018-25032: Zlib Memory Corruption Vulnerability

‘Orca Watch’ Series

CVE-2018-25032: Zlib Memory Corruption Vulnerability

On March 25, 2022, a PoC was published for the 4-year old CVE-2018-25032 in Zlib open source software that everyone...

Tohar Braun

Mar 29, 2022

All articles by Tohar Braun

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

React and Next.js Vulnerabilities Enable Remote Code Execution

OWASP Non-Human Identities Top 10:Forging a New Standard in Cloud Security

Addressing CrowdStrike on Cloud VMs in AWS with Automated Remediation

2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes

Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable

Meet IAM APE: An Open Source Tool to Simplify AWS IAM Policy Management

GCP Organization Policies: Governing Your Inheritance

CVE-2018-25032: Zlib Memory Corruption Vulnerability

See Orca Security in Action

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons