Research
CVE-2025-31324 Exploited in the Wild: What We’ve Found in the Aftermath
In late April 2025, SAP disclosed CVE-2025-31324, a critical vulnerability in SAP NetWeaver’s Visual Composer development server. The flaw—stemming from...
All articles by Yonatan Broder
Discovered Vulnerabilities
Oracle Cloud Breach Exploiting CVE-2021-35587: How to Protect Your Organization
Read about the Oracle Cloud Breach Exploiting CVE-2021-35587 and learn how to protect your organization.
‘Orca Watch’ Series
Security Briefing: Apache Struts Vulnerability CVE-2024-53677
A critical vulnerability, CVE-2024-53677, has been identified in the Apache Struts 2 framework, a popular platform for developing Java-based web...
Research
Why You Should Disable Your Unauthenticated Read-only Ports On GKE Kubelet Servers
On July 26th, Google sent their Google Kubernetes Engine (GKE) customers an email about the fact that they identified an...
Research
Cloud Risk Encyclopedia Q3 Update: A Useful Resource for Kubernetes Security Risks and Best Practices
Orca has published a new update on Kubernetes security to the Cloud Risk Encyclopedia (CRE), a public resource featuring cloud...
Research
Key Security Capabilities in Kubernetes
Kubernetes was designed for functionality, not security, but it does include several key settings and policies. Learn more about Kubernetes...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.