Research
Bringing Memory to AI: A Look at A2A and MCP-like Technologies Across Platforms
Over the last year, we've witnessed a pivotal shift in how large language models (LLMs) are used - not just...
Research Pod
Discovered Vulnerabilities
Kubernetes CRD Abstraction Risks in kro
Executive Summary: The Orca Research Pod has discovered CVE-2025-48710 in kro (Kube Resource Orchestrator) where an attacker could introduce a malicious CustomResourceDefinition...
Discovered Vulnerabilities
‘IngressNightmare’: Critical Vulnerabilities in Ingress NGINX Controller Allow Unauthenticated Remote Code Execution
On March 24th, 2025, Wiz’s research team published information on five vulnerabilities in the Ingress NGINX Controller for Kubernetes (ingress-nginx)...
Discovered Vulnerabilities
Oracle Cloud Breach Exploiting CVE-2021-35587: How to Protect Your Organization
Read about the Oracle Cloud Breach Exploiting CVE-2021-35587 and learn how to protect your organization.
Discovered Vulnerabilities
CosMiss: Azure Cosmos DB Notebook Remote Code Execution Vulnerability
The Orca Research Pod has discovered CosMiss, a vulnerability in Microsoft Azure Cosmos DB where authentication checks were missing from...
Discovered Vulnerabilities
FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer
The Orca Research Pod has discovered FabriXss, a vulnerability in Azure Service Fabric Explorer
‘Orca Watch’ Series
2022 State of Public Cloud Security Report Reveals Critical Cloud Security Gaps
Orca Security has released the 2022 State of the Public Cloud Security report, which provides crucial insights into the current...
Discovered Vulnerabilities
Azure Synapse: Local Privilege Escalation Vulnerability in Spark
The story of a simple race condition leading to a local privilege escalation vulnerability in Azure Synapse Analytics
Research
Infrastructure as Code: Common Security Risks and How to Prevent Them
Check out this Orca Security article that outlines infrastructure as code (IaC) security risks and offers recommended methods for protecting...
Discovered Vulnerabilities
SynLapse – Technical Details for Critical Azure Synapse Vulnerability
Recently, the Orca Security research team discovered SynLapse, a tenant separation violation vulnerability in the Microsoft Azure Synapse environment.
‘Orca Watch’ Series
Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained
A threat actor recently hacked a popular PyPi repo on GitHub, setting off a supply chain attack that could have...
Discovered Vulnerabilities
Security Advisory: Insufficient Tenant Separation in Azure Synapse Service
This security advisory addresses a tenant separation issue in the Microsoft Azure Synapse service.
‘Orca Watch’ Series
Open Source Package Risks in Cloud Environments and How It Relates to the Russian-Ukrainian Conflict
Protestware malicious code found in NPM package node-ipc in Russia / Belarus, overwriting entire file systems with heart emojis to...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.