Cloud Security Insights
Securing Your Source Code: A Critical Defense Against Modern Threats
Source code has become one of the most valuable and vulnerable assets organizations possess. As development teams increasingly rely on...
Blog
Discovered Vulnerabilities
pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks
Executive Summary: The Orca Research Pod has uncovered critical security risks across several high-profile open source repositories that relied on...
Orca Platform
2025 GigaOm Radar Report for CNAPP: Orca Security Named Leader
We’re proud to share that Orca Security has been recognized as a Leader in the 2025 GigaOm Radar Report for...
Discovered Vulnerabilities
Massive npm Malware Campaign Infects Popular Packages, @ctrl/tinycolor Affected
TL;DR A new software supply chain attack has been identified, targeting the npm registry and this time impacting more than...
Orca Platform
Expanded Runtime Protection for Windows Workloads
When it comes to hybrid cloud security, one of the biggest blind spots remains Windows-based workloads. Despite their central role...
Discovered Vulnerabilities
NPM Packages Compromised: Maintainer ‘qix’ Hacked
Reports have emerged of a major supply chain attack impacting numerous NPM packages maintained by the developer known as “qix.”...
Orca Platform
Git Hooks: Prevent Secrets Exposure with Pre-Commit and Pre-Receive Protection
According to the 2025 State of Cloud Security Report, 85% of organizations have plaintext secrets embedded in their source code...
Discovered Vulnerabilities
s1ngularity Supply Chain Attack: What It Means for Cloud and AI Security
On August 26, 2025, the open-source ecosystem was shaken by a new supply chain attack that targeted Nx, a popular...
Orca Platform
Discovering Leaked Passwords: How to Strengthen Your Cloud Defense
Stolen credentials remain one of the leading causes of data breaches and one of the costliest. According to IBM’s 2025...
