Application Security
What is Application Security?
The development of cloud-native applications is fueling business innovation, but also expanding the attack surface. According to the Verizon Data...
Blog
‘Orca Watch’ Series
The Second Coming of Shai-Hulud: npm Targeted Yet Again
TL;DR This is the second time a malicious campaign - codenamed Shai‑Hulud - has been detected targeting the npm ecosystem....
Microsoft Azure
Training AI with Sensitive Data – Intentional or Accidental?
AI adoption is accelerating at an incredible clip. The 2024 State of AI report found that 56% of organizations have...
Research
OWASP Top 10 2025: Key Changes and What They Mean for Application Security
The OWASP Top 10 2025 release candidate is here, marking an important milestone in the evolution of application security best...
Research
Part 2: Attackers Love Your GitHub Actions Too
In Part 1 of this blog series, we learned about GitHub Actions and their risks—now comes the fun part. It’s...
Research
Part 1: Attackers Love Your GitHub Actions Too
Why do attackers love GitHub Actions, and why should you care? The answer lies in a dangerous combination of widespread...
Discovered Vulnerabilities
New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks
This week, three new high-severity vulnerabilities were revealed in runC, the fundamental runtime technology used by most container platforms. This...
Cloud Security Learning
What is AI Security?
As artificial intelligence becomes foundational to modern business and software development, organizations are discovering a new dimension of risk. AI...
Amazon Web Services
Hunt Threats with the Orca Pod at re:Invent 2025
At Orca Security, we’re proud to engage with customers, partners, and the cybersecurity community to make the cloud a safer,...
