Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames
Microsoft Azure offers a diverse range of services that empower organizations with convenient and scalable cloud infrastructure solutions. However, even...
Microsoft Azure offers a diverse range of services that empower organizations with convenient and scalable cloud infrastructure solutions. However, even...
In recent years, supply chain attacks targeting software developers and suppliers have become increasingly common. The primary objective of these...
Today, at BlueHat IL 2023, we proudly announced our discovery of a new vulnerability in Azure, which we've dubbed 'Super...
As we approach the middle of 2023, we thought it an appropriate time to reflect on the cloud security risks...
Recently, the US National Security Agency (NSA) joined United Kingdom’s National Cyber Security Center (NCSC) in releasing an advisory detailing...
Orca Security has released the 2024 State of Cloud Security Report, which leverages unique insights into cloud risks captured by...
Among the myriad techniques and tools at the disposal of cybersecurity experts, one subtle yet powerful method often goes unnoticed:...
On January 31st, Snyk unveiled the discovery of four novel container vulnerabilities that target the runC and BuildKit components within...
Orca has discovered three new vulnerabilities within various Azure HDInsight third-party services, including Apache Hadoop, Spark, and Kafka. These services...
On January 24th, Jenkins, a widely used open source CI/CD automation tool, released a security advisory regarding a new critical...
Publicly disclosed computer vulnerabilities are compiled into a list called Common Vulnerabilities and Exposures (CVE). To understand the severity of...
Last week, Microsoft revealed that the Russia-based threat actor group known as Midnight Blizzard, Cozy Bear, and APT29 had compromised...
Following our discovery of a critical loophole in Google Kubernetes Engine (GKE) dubbed Sys:All, we decided to conduct research into...