Research
Bringing Memory to AI: A Look at A2A and MCP-like Technologies Across Platforms
Over the last year, we've witnessed a pivotal shift in how large language models (LLMs) are used - not just...
Research Pod
Discovered Vulnerabilities
Kubernetes CRD Abstraction Risks in kro
Executive Summary: The Orca Research Pod has discovered CVE-2025-48710 in kro (Kube Resource Orchestrator) where an attacker could introduce a malicious CustomResourceDefinition...
Discovered Vulnerabilities
‘IngressNightmare’: Critical Vulnerabilities in Ingress NGINX Controller Allow Unauthenticated Remote Code Execution
On March 24th, 2025, Wiz’s research team published information on five vulnerabilities in the Ingress NGINX Controller for Kubernetes (ingress-nginx)...
Discovered Vulnerabilities
Oracle Cloud Breach Exploiting CVE-2021-35587: How to Protect Your Organization
Read about the Oracle Cloud Breach Exploiting CVE-2021-35587 and learn how to protect your organization.
Research
Meet Orca Security Cloud Threat Researcher Lidor B.
Fun Facts About Lidor Beverage of choice: Coffee or soda Go-to snack: Any kind of chocolate Hobbies (Present and Past):...
Discovered Vulnerabilities
Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services
The Orca Research Pod recently discovered a total of 8 important Cross-Site Scripting (XSS) vulnerabilities within various Apache services on...
Research
Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited
In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. Often,...
Discovered Vulnerabilities
Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack
Bad.Build is a critical design flaw discovered by the Orca Research Pod in the Google Cloud Build service that enables...
Research
Using AI to Detect Cloud Anomalies: A Supply Chain Attack Example
Although it’s always preferable to prevent security incidents before they occur, it’s only a matter of time before an attacker...
‘Orca Watch’ Series
2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes
The state of cloud security is a dynamic and ever-evolving landscape, as both attackers and defenders continuously adapt their tactics...
Discovered Vulnerabilities
Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames
Microsoft Azure offers a diverse range of services that empower organizations with convenient and scalable cloud infrastructure solutions. However, even...
‘Orca Watch’ Series
The Top 5 Cloud Security Risks of 2023 (so far)
As we approach the middle of 2023, we thought it an appropriate time to reflect on the cloud security risks...
Research
Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable
In recent years, supply chain attacks targeting software developers and suppliers have become increasingly common. The primary objective of these...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.