Research
Bringing Memory to AI: A Look at A2A and MCP-like Technologies Across Platforms
Over the last year, we've witnessed a pivotal shift in how large language models (LLMs) are used - not just...
Research Pod
Discovered Vulnerabilities
Kubernetes CRD Abstraction Risks in kro
Executive Summary: The Orca Research Pod has discovered CVE-2025-48710 in kro (Kube Resource Orchestrator) where an attacker could introduce a malicious CustomResourceDefinition...
Discovered Vulnerabilities
‘IngressNightmare’: Critical Vulnerabilities in Ingress NGINX Controller Allow Unauthenticated Remote Code Execution
On March 24th, 2025, Wiz’s research team published information on five vulnerabilities in the Ingress NGINX Controller for Kubernetes (ingress-nginx)...
Discovered Vulnerabilities
Oracle Cloud Breach Exploiting CVE-2021-35587: How to Protect Your Organization
Read about the Oracle Cloud Breach Exploiting CVE-2021-35587 and learn how to protect your organization.
Orca Platform
2024 State of AI Security Report Reveals Top AI Risks Seen in the Wild
Orca Security today released its inaugural State of AI Security Report, a deep dive into the security risks of deployed...
Technical Deep Dives
Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions
In the world of software development, automation is a huge time-saver, and GitHub Actions is one of the best tools...
Research
Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS
It will come as no surprise that Kubernetes deployments are growing exponentially across many industries. According to the Cloud Native...
‘Orca Watch’ Series
Mitigating CVE 2024-38063: Critical RCE Vulnerability On Windows Systems With IPv6
Microsoft recently advised of a critical TCP/IP Remote Code Execution Vulnerability dubbed CVE 2024-38063, which is a critical unauthenticated Remote...
Technical Deep Dives
Meet AI Goat: The First Open Source AI Security Learning Environment Based on the OWASP Top 10 ML Risks
We’re excited to announce that the Orca Research Pod has launched AI Goat, the first open source AI security hands-on...
Research
Why You Should Disable Your Unauthenticated Read-only Ports On GKE Kubelet Servers
On July 26th, Google sent their Google Kubernetes Engine (GKE) customers an email about the fact that they identified an...
‘Orca Watch’ Series
Addressing CrowdStrike on Cloud VMs in AWS with Automated Remediation
Remediating an issue like today’s outage on Windows machines with the CrowdStrike Falcon Sensor at cloud scale can be particularly...
Technical Deep Dives
The Five Most Common AI Model Risks and How to Prevent Them
It’s hard to ignore how GenAI has already become an integral part of our daily lives, with people using LLMs...
Orca Platform
Critical CVE-2024-4577: PHP CGI Argument Injection Vulnerability
On June 6th, researchers from Shadowserver, a nonprofit security organization, discovered a heavily exploited vulnerability in PHP servers running on...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.