Research
Bringing Memory to AI: A Look at A2A and MCP-like Technologies Across Platforms
Over the last year, we've witnessed a pivotal shift in how large language models (LLMs) are used - not just...
Research Pod
Discovered Vulnerabilities
Kubernetes CRD Abstraction Risks in kro
Executive Summary: The Orca Research Pod has discovered CVE-2025-48710 in kro (Kube Resource Orchestrator) where an attacker could introduce a malicious CustomResourceDefinition...
Discovered Vulnerabilities
‘IngressNightmare’: Critical Vulnerabilities in Ingress NGINX Controller Allow Unauthenticated Remote Code Execution
On March 24th, 2025, Wiz’s research team published information on five vulnerabilities in the Ingress NGINX Controller for Kubernetes (ingress-nginx)...
Discovered Vulnerabilities
Oracle Cloud Breach Exploiting CVE-2021-35587: How to Protect Your Organization
Read about the Oracle Cloud Breach Exploiting CVE-2021-35587 and learn how to protect your organization.
‘Orca Watch’ Series
Everything You Didn’t Know About Cross-Account and Cross-Cloud Provider Attacks
Wait, did you say ‘Cross-Cloud Provider Attacks’? Yes, this is actually a growing type of attack path: As organizations increasingly...
‘Orca Watch’ Series
Five Things You Need to Know About Malware on Storage Buckets
Cloud storage buckets, such as Amazon S3 Buckets, Azure Blob storage and GCP storage buckets, are a popular storage solution...
Research
Cloud Native Security: OWASP Kubernetes Top 10
As more organizations adopt containerized infrastructure, the need for effective security practices becomes increasingly important. Recently released by the OWASP...
Research
Elastic IP Transfer: Identifying and Mitigating Risks from a New Attack-Vector on AWS
Elastic IPs (EIPs) are public and static IPv4 addresses provided by AWS. EIPs can be viewed as a pool of...
Discovered Vulnerabilities
Authenticated SSRF Vulnerability on Azure API Management Service
In this blog we describe how we uncovered an important Server-Side Request Forgery (SSRF) Vulnerability on Azure API Management Service,...
Discovered Vulnerabilities
How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services
As part of the Orca Research Pod efforts, we regularly research various cloud provider services and capabilities to help our...
Discovered Vulnerabilities
Unauthenticated SSRF Vulnerability on Azure Digital Twins Explorer
In this blog we describe how we uncovered an SSRF Vulnerability in the Azure DigitalTwins Explorer service, allowing any unauthenticated...
Discovered Vulnerabilities
Unauthenticated SSRF Vulnerability on Azure Functions
In this blog we describe how we uncovered an SSRF Vulnerability in Azure Functions allowing any unauthenticated user to request...
Discovered Vulnerabilities
Authenticated SSRF Vulnerability on Azure Machine Learning Service
In this blog we describe how we uncovered an SSRF Vulnerability in the Azure Machine Learning service, allowing any authenticated...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.