Research Pod

Bringing Memory to AI: A Look at A2A and MCP-like Technologies Across Platforms

Research

Bringing Memory to AI: A Look at A2A and MCP-like Technologies Across Platforms

Over the last year, we've witnessed a pivotal shift in how large language models (LLMs) are used - not just...

Ofir Yakobi Shir Sadon

May 19, 2025

Discovered Vulnerabilities

Kubernetes CRD Abstraction Risks in kro

Executive Summary: The Orca Research Pod has discovered CVE-2025-48710 in kro (Kube Resource Orchestrator) where an attacker could introduce a malicious CustomResourceDefinition...

Roi Nisimi

May 13, 2025

‘IngressNightmare’: Critical Vulnerabilities in Ingress NGINX Controller Allow Unauthenticated Remote Code Execution

Discovered Vulnerabilities

‘IngressNightmare’: Critical Vulnerabilities in Ingress NGINX Controller Allow Unauthenticated Remote Code Execution

On March 24th, 2025, Wiz’s research team published information on five vulnerabilities in the Ingress NGINX Controller for Kubernetes (ingress-nginx)...

Neil Carpenter Shir Sadon

Mar 25, 2025

Oracle Cloud Breach Exploiting CVE-2021-35587: How to Protect Your Organization

Discovered Vulnerabilities

Oracle Cloud Breach Exploiting CVE-2021-35587: How to Protect Your Organization

Read about the Oracle Cloud Breach Exploiting CVE-2021-35587 and learn how to protect your organization.

Yonatan Broder

Mar 22, 2025

Research

The Expansion of Malware to the Cloud

Overview of key threats for cloud environments, with a focus on Linux malware, database malware, malicious cryptomining code, and ransomware.

Bar Kaduri

Mar 24, 2022

Research

Key Security Capabilities in Kubernetes

Kubernetes was designed for functionality, not security, but it does include several key settings and policies. Learn more about Kubernetes...

Yonatan Broder

Mar 18, 2022

Google Cloud Storage Explorer: Enumerating Google Cloud’s Bucket Access Permissions

Research

Google Cloud Storage Explorer: Enumerating Google Cloud’s Bucket Access Permissions

The ‘Google Cloud Platform Storage Explorer’ tool crawls all of your Google Cloud projects and detects which have access to...

Liat Vaknin

Mar 17, 2022

Cyber Attacks in Russia’s Invasion of Ukraine: Orca Security Research Pod Perspectives

‘Orca Watch’ Series

Cyber Attacks in Russia’s Invasion of Ukraine: Orca Security Research Pod Perspectives

The Orca Security Research Pod has been actively tracking cyber attacks leading up to and occurring as part of Russia’s...

Bar Kaduri

Mar 11, 2022

CVE-2022-0847: Linux Dirty Pipe Local Privilege Escalation Vulnerability

‘Orca Watch’ Series

CVE-2022-0847: Linux Dirty Pipe Local Privilege Escalation Vulnerability

A new critical Linux privilege escalation vulnerability was published under the ID CVE-2022-0847, named “Dirty Pipe.”

Roy Aviram Bar Kaduri

Mar 10, 2022

AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service

Discovered Vulnerabilities

AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service

AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the...

Yanir Tsarimi

Mar 07, 2022

Lateral Movement in Google Cloud: Abusing the Infamous Default Service Account Misconfiguration

Research

Lateral Movement in Google Cloud: Abusing the Infamous Default Service Account Misconfiguration

How a malicious actor can conduct lateral movement in Google Cloud across compute engine instances using the default service account.

Liat Vaknin

Mar 04, 2022

Oracle Server Side Request Forgery (SSRF) Metadata

Discovered Vulnerabilities

Oracle Server Side Request Forgery (SSRF) Metadata

Analyzing customer environments is always a detective task, and when we find structural flaws in a service provider, this is...

Lidor Ben Shitrit

Feb 08, 2022

A Tale About Vulnerability Research and Early Detection

Discovered Vulnerabilities

A Tale About Vulnerability Research and Early Detection

Orca Security, as part of an ongoing research effort, discovered a vulnerability in the Databricks platform, and Databricks took swift...

Yanir Tsarimi

Feb 04, 2022

1 … 5 6 7 8

Research Pod

Bringing Memory to AI: A Look at A2A and MCP-like Technologies Across Platforms

Kubernetes CRD Abstraction Risks in kro

‘IngressNightmare’: Critical Vulnerabilities in Ingress NGINX Controller Allow Unauthenticated Remote Code Execution

Oracle Cloud Breach Exploiting CVE-2021-35587: How to Protect Your Organization

The Expansion of Malware to the Cloud

Key Security Capabilities in Kubernetes

Google Cloud Storage Explorer: Enumerating Google Cloud’s Bucket Access Permissions

Cyber Attacks in Russia’s Invasion of Ukraine: Orca Security Research Pod Perspectives

CVE-2022-0847: Linux Dirty Pipe Local Privilege Escalation Vulnerability

AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service

Lateral Movement in Google Cloud: Abusing the Infamous Default Service Account Misconfiguration

Oracle Server Side Request Forgery (SSRF) Metadata

A Tale About Vulnerability Research and Early Detection

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons