Cloud Security Learning
Building Application Security from the Ground Up: An Organizational Approach
This blog post complements our guide on What is Application Security? by diving deep into the organizational foundations required to...
Blog
Orca Platform
Orca Security: A Strong Performer in the 2026 Forrester Wave™ for Cloud Native Application Protection Solutions
Forrester has named Orca as a Strong Performer in The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026. In...
‘Orca Watch’ Series
Critical CVE-2026-1731 Vulnerability in BeyondTrust Remote Support and PRA Exposes Systems to Remote Code Execution
Introduction A critical vulnerability (CVE-2026-1731, CVSS 9.9) was publicly disclosed on February 6, 2026 affecting BeyondTrust Remote Support (RS) and...
Research
RoguePilot: Exploiting GitHub Copilot for a Repository Takeover
We forced GitHub to prompt-inject itself. It allowed us to control Copilot’s responses and exfiltrate Codespaces’ GITHUB_TOKEN secret. The end...
Cloud Security Learning
Getting Ready for the AI Era: A CISO’s Guide to AI Security Strategy
The AI Era Is a Scale Problem — And CISOs Can’t Solve It the Old Way Every major technology shift...
‘Orca Watch’ Series
Path Traversal in Rancher Local Path Provisioner Enables Host Filesystem Compromise Across K3s Clusters
Introduction A critical vulnerability (CVE-2025-62878, CVSS 10.0) was disclosed on February 4, 2026 affecting all versions of Rancher's Local Path...
Orca Platform
Shifting Left with Orca MCP: The Developer’s AI Security Partner
In Part 1, we explored how the Orca MCP (Model Context Protocol) Server bridges the gap between AI and your...
Discovered Vulnerabilities
Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector
Executive Summary The Orca Research Pod has uncovered multiple attack vectors in GitHub Codespaces that allow remote code execution (RCE)...
Orca Platform
First third-party CNAPP to integrate with Tencent Cloud: Orca expands multi-cloud security and compliance with dynamic risk prioritization baked in
Today, we’re excited to announce that Orca can be integrated with Tencent Cloud. This makes Orca the first third-party Cloud...
