Blog Archives | Page 5 of 127

pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain

Discovered Vulnerabilities

pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain

Executive summary We have managed to successfully compromise repositories owned by Microsoft, Google, Nvidia and many more using a single...

Roi Nisimi

Sep 30, 2025

Securing Your Source Code: A Critical Defense Against Modern Threats

Cloud Security Insights

Securing Your Source Code: A Critical Defense Against Modern Threats

Source code has become one of the most valuable and vulnerable assets organizations possess. As development teams increasingly rely on...

Tim Chase

Sep 25, 2025

pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks

Discovered Vulnerabilities

pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks

Executive Summary: The Orca Research Pod has uncovered critical security risks across several high-profile open source repositories that relied on...

Roi Nisimi

Sep 24, 2025

2025 GigaOm Radar Report for CNAPP: Orca Security Named Leader

Orca Platform

2025 GigaOm Radar Report for CNAPP: Orca Security Named Leader

We’re proud to share that Orca Security has been recognized as a Leader in the 2025 GigaOm Radar Report for...

Gil Geron Todd Stansfield

Sep 23, 2025

Massive npm Malware Campaign Infects Popular Packages, @ctrl/tinycolor Affected

Discovered Vulnerabilities

Massive npm Malware Campaign Infects Popular Packages, @ctrl/tinycolor Affected

TL;DR A new software supply chain attack has been identified, targeting the npm registry and this time impacting more than...

Shir Sadon

Sep 16, 2025

Expanded Runtime Protection for Windows Workloads

Orca Platform

Expanded Runtime Protection for Windows Workloads

When it comes to hybrid cloud security, one of the biggest blind spots remains Windows-based workloads. Despite their central role...

Dror Zalman Todd Stansfield

Sep 16, 2025

NPM Packages Compromised: Maintainer ‘qix’ Hacked

Discovered Vulnerabilities

NPM Packages Compromised: Maintainer ‘qix’ Hacked

Reports have emerged of a major supply chain attack impacting numerous NPM packages maintained by the developer known as “qix.”...

Bar Kaduri

Sep 08, 2025

Git Hooks: Prevent Secrets Exposure with Pre-Commit and Pre-Receive Protection

Orca Platform

Git Hooks: Prevent Secrets Exposure with Pre-Commit and Pre-Receive Protection

According to the 2025 State of Cloud Security Report, 85% of organizations have plaintext secrets embedded in their source code...

Lior Samuni Todd Stansfield

Sep 04, 2025

s1ngularity Supply Chain Attack: What It Means for Cloud and AI Security

Discovered Vulnerabilities

s1ngularity Supply Chain Attack: What It Means for Cloud and AI Security

On August 26, 2025, the open-source ecosystem was shaken by a new supply chain attack that targeted Nx, a popular...

Roi Nisimi

Aug 27, 2025

Blog

pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain

Securing Your Source Code: A Critical Defense Against Modern Threats

pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks

2025 GigaOm Radar Report for CNAPP: Orca Security Named Leader

Massive npm Malware Campaign Infects Popular Packages, @ctrl/tinycolor Affected

Expanded Runtime Protection for Windows Workloads

NPM Packages Compromised: Maintainer ‘qix’ Hacked

Git Hooks: Prevent Secrets Exposure with Pre-Commit and Pre-Receive Protection

s1ngularity Supply Chain Attack: What It Means for Cloud and AI Security

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons