pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain
Executive summary We have managed to successfully compromise repositories owned by Microsoft, Google, Nvidia and many more using a single...
Executive summary We have managed to successfully compromise repositories owned by Microsoft, Google, Nvidia and many more using a single...
Executive Summary: The Orca Research Pod has uncovered critical security risks across several high-profile open source repositories that relied on...
TL;DR A new software supply chain attack has been identified, targeting the npm registry and this time impacting more than...
Reports have emerged of a major supply chain attack impacting numerous NPM packages maintained by the developer known as “qix.”...
On August 26, 2025, the open-source ecosystem was shaken by a new supply chain attack that targeted Nx, a popular...
According to Gartner, worldwide spending on generative AI is set to reach $644 billion (USD) in 2025, a nearly 77%...
Microsoft pushed out-of-band fixes for on-premise SharePoint Servers after attackers chained CVE-2025-53770 and CVE-2025-53771. The chain bypasses SharePoint chain vulnerabilities,...
Table of contentsExecutive summaryA quick introduction to Azure Machine LearningHow AML pipelines are commonly usedHow the privilege escalation vulnerability could...
When we first announced the Orca MCP Server, we showed some examples with Claude and with Cursor. In this blog,...