Blog Archives | Page 3 of 137

Critical Coder Signature Bypass Exposes Developer Keys and Tokens

‘Orca Watch’ Series

Critical Coder Signature Bypass Exposes Developer Keys and Tokens

A critical vulnerability (CVE-2026-46354, CVSS 9.1) was disclosed affecting Coder, a popular open-source remote development platform, allowing attackers to steal...

Roi Nisimi

May 21, 2026

New “PoolSlip” NGINX Exploit Revives Unpatched Remote Code Execution Risk

‘Orca Watch’ Series

New “PoolSlip” NGINX Exploit Revives Unpatched Remote Code Execution Risk

Executive Summary Security researchers disclosed new exploitation techniques for the previously documented “PoolSlip” vulnerability affecting NGINX, demonstrating that earlier mitigations...

Roi Nisimi

May 21, 2026

Critical Drupal SQL Injection Exposes PostgreSQL-Backed Sites to Remote Code Execution

‘Orca Watch’ Series

Critical Drupal SQL Injection Exposes PostgreSQL-Backed Sites to Remote Code Execution

Executive Summary A highly critical vulnerability (CVE-2026-9082, Drupal risk score 20/25) was disclosed affecting Drupal core versions 8.9.0 through 11.3.9,...

Roi Nisimi

May 21, 2026

AI Security Tools: How to Evaluate Them Across Every ML Attack Phase

Cloud Security Learning

AI Security Tools: How to Evaluate Them Across Every ML Attack Phase

Table of contentsKey Takeaways1. Coverage across ML infrastructure attack phases2. Integration with cloud and DevOps pipelines.3. Regulatory readiness and compliance...

The Orca Security Team

May 21, 2026

Massive npm Supply Chain Attack Compromises AntV Ecosystem, Steals CI/CD Secrets at Scale

‘Orca Watch’ Series

Massive npm Supply Chain Attack Compromises AntV Ecosystem, Steals CI/CD Secrets at Scale

Table of contentsAttack OverviewTechnical CapabilitiesAffected Packages and ExposureRecommended RemediationIncident StatusPotential ImpactHow can Orca help? A critical supply chain attack compromised...

Roi Nisimi

May 20, 2026

NIST AI Risk Management Framework (AI RMF) Explained: What It Is and How Organizations Use It

Cloud Security Learning

NIST AI Risk Management Framework (AI RMF) Explained: What It Is and How Organizations Use It

Table of contentsKey TakeawaysWhy AI Governance and Security Are ConvergingWhy Is AI Risk Management EssentialA Closer Look at the NIST...

The Orca Security Team

May 20, 2026

The AI Data You Forgot to Lock: How Exposed Vector Databases Put Organizations at Risk

Data and AI Security

The AI Data You Forgot to Lock: How Exposed Vector Databases Put Organizations at Risk

Table of contentsExecutive Summary: PII, Medical Records, and Credentials at RiskThe Rise of Vector Databases and Their Blind SpotsThe Root...

Roi Nisimi

May 19, 2026

GenAI Risks in Cloud Environments: What Security Teams Are Actually Missing in 2026

Cloud Security Learning

GenAI Risks in Cloud Environments: What Security Teams Are Actually Missing in 2026

Table of contentsKey TakeawaysWhat Is a GenAI Risk in a Cloud Environment?What Are the Most Common GenAI Misconfiguration Classes in...

The Orca Security Team

May 18, 2026

Cloud Security Fundamentals

What Is Multi-Cloud Security?

Table of contentsKey TakeawaysUnderstanding Multi-Cloud SecurityWhy Do Organizations Use Multi-Cloud Architectures?No Single Point of FailureRegulatory Data Residency FlexibilityBlast Radius ContainmentC...

The Orca Security Team

May 18, 2026

Blog

Critical Coder Signature Bypass Exposes Developer Keys and Tokens

New “PoolSlip” NGINX Exploit Revives Unpatched Remote Code Execution Risk

Critical Drupal SQL Injection Exposes PostgreSQL-Backed Sites to Remote Code Execution

AI Security Tools: How to Evaluate Them Across Every ML Attack Phase

Massive npm Supply Chain Attack Compromises AntV Ecosystem, Steals CI/CD Secrets at Scale

NIST AI Risk Management Framework (AI RMF) Explained: What It Is and How Organizations Use It

The AI Data You Forgot to Lock: How Exposed Vector Databases Put Organizations at Risk

GenAI Risks in Cloud Environments: What Security Teams Are Actually Missing in 2026

What Is Multi-Cloud Security?

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons