Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames
Microsoft Azure offers a diverse range of services that empower organizations with convenient and scalable cloud infrastructure solutions. However, even...
Microsoft Azure offers a diverse range of services that empower organizations with convenient and scalable cloud infrastructure solutions. However, even...
In recent years, supply chain attacks targeting software developers and suppliers have become increasingly common. The primary objective of these...
Today, at BlueHat IL 2023, we proudly announced our discovery of a new vulnerability in Azure, which we've dubbed 'Super...
As we approach the middle of 2023, we thought it an appropriate time to reflect on the cloud security risks...
Overview of key threats for cloud environments, with a focus on Linux malware, database malware, malicious cryptomining code, and ransomware.
Kubernetes was designed for functionality, not security, but it does include several key settings and policies. Learn more about Kubernetes...
The ‘Google Cloud Platform Storage Explorer’ tool crawls all of your Google Cloud projects and detects which have access to...
The Orca Security Research Pod has been actively tracking cyber attacks leading up to and occurring as part of Russia’s...
A new critical Linux privilege escalation vulnerability was published under the ID CVE-2022-0847, named “Dirty Pipe.”
AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the...
How a malicious actor can conduct lateral movement in Google Cloud across compute engine instances using the default service account.
Analyzing customer environments is always a detective task, and when we find structural flaws in a service provider, this is...
Orca Security, as part of an ongoing research effort, discovered a vulnerability in the Databricks platform, and Databricks took swift...