Blog Archives | Orca Security

Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace

Application Security

Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace

Table of contentsExecutive summaryBreaking Down Agent SkillsMalicious Skill: A Real-World ExamplePrimitive 1: Weaponizing Malicious AI Agent Skills via Artificial Install...

Roi Nisimi

May 05, 2026

Cloud Security Fundamentals

What Is an Incident Response Plan?

Table of contentsKey TakeawaysHow an Incident Response Plan WorksWhat Types of Cyberattacks Require an Incident Response Plan? What Are the Benefits...

The Orca Security Team

May 04, 2026

What Is Cloud Data Security? Risks, Challenges, and 12 Best Practices

Cloud Security Learning

What Is Cloud Data Security? Risks, Challenges, and 12 Best Practices

Table of contentsKey TakeawaysCore Components of Cloud Data SecurityCloud Data Security and the CIA TriadWhat Are the Challenges of Securing...

The Orca Security Team

May 04, 2026

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

‘Orca Watch’ Series

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

A critical vulnerability (CVE-2026-3854, CVSS 8.7) was disclosed affecting GitHub Enterprise Server and GitHub.com, allowing attackers to execute arbitrary commands...

Roi Nisimi

Apr 30, 2026

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

‘Orca Watch’ Series

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

A Linux kernel vulnerability, CVE-2026-31431 dubbed Copy Fail, allows an unprivileged local user to gain root by corrupting the page...

Tohar Braun

Apr 30, 2026

Xinference PyPI package compromise leads to full environment takeover

Application Security

Xinference PyPI package compromise leads to full environment takeover

Table of contentsWhat is the Xinference PyPI Package Compromise ?Assessing the Impact: Credential Theft and Full Environment TakeoverHow to Mitigate...

Roi Nisimi

Apr 23, 2026

Checkmarx supply chain compromise exposes CI/CD secrets

Application Security

Checkmarx supply chain compromise exposes CI/CD secrets

Table of contentsWhat is the Checkmarx Supply Chain Compromise ?Impact of the TeamPCP Campaign: Credential Theft and Lateral MovementMitigation RecommendationsHow...

Roi Nisimi

Apr 23, 2026

Application Security

What is Application Security?

Table of contentsDefining AppSec: Protection Across the Full LifecycleThe Business Stakes: Why AppSec is Critical in 2026The 3 Stages of...

Jake Kramber

Apr 23, 2026

When AI Accelerates the Offense, Coverage Gaps Become Catastrophic

Cloud Security Fundamentals

When AI Accelerates the Offense, Coverage Gaps Become Catastrophic

Table of contents1. Closing the Patch Gap with Context-Aware Vulnerability Prioritization2. Scale Vulnerability Prioritization to Outpace AI-Driven Alert Noise3. Find...

Gus Evangelakos

Apr 20, 2026

Blog

Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace

What Is an Incident Response Plan?

What Is Cloud Data Security? Risks, Challenges, and 12 Best Practices

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

Xinference PyPI package compromise leads to full environment takeover

Checkmarx supply chain compromise exposes CI/CD secrets

What is Application Security?

When AI Accelerates the Offense, Coverage Gaps Become Catastrophic

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons