Research
Bringing Memory to AI: A Look at A2A and MCP-like Technologies Across Platforms
Over the last year, we've witnessed a pivotal shift in how large language models (LLMs) are used - not just...
Research Pod
Discovered Vulnerabilities
Kubernetes CRD Abstraction Risks in kro
Executive Summary: The Orca Research Pod has discovered CVE-2025-48710 in kro (Kube Resource Orchestrator) where an attacker could introduce a malicious CustomResourceDefinition...
Discovered Vulnerabilities
‘IngressNightmare’: Critical Vulnerabilities in Ingress NGINX Controller Allow Unauthenticated Remote Code Execution
On March 24th, 2025, Wiz’s research team published information on five vulnerabilities in the Ingress NGINX Controller for Kubernetes (ingress-nginx)...
Discovered Vulnerabilities
Oracle Cloud Breach Exploiting CVE-2021-35587: How to Protect Your Organization
Read about the Oracle Cloud Breach Exploiting CVE-2021-35587 and learn how to protect your organization.
Research
Azure AD & IAM (Part III) – Leveraging Managed Identities for Privilege Escalation
In the third part of the Orca Security blog post series about Azure AD and IAM, Roee shares research on...
Research
Azure AD & IAM (Part II) – Leveraging Managed Identities For Privilege Escalation
Table of contentsWhat are managed identities?Getting a managed identity access tokenThe known privilege escalation methodMy research objectivesEscalation to managed identities’...
Research
Google Cloud Platform IAM
Google’s approach to Identity and Access Management is relatively the most straightforward among the three major cloud providers.
Research
Privilege Escalation on Azure (Part I): An Introduction to Azure AD & IAM
A short tutorial on Azure Active Directory (AD) & IAM to lay the the groundwork for future posts.
Research
The Anatomy of an IAM Cyber Attack on AWS
Orca Security breaks down the anatomy of an Identity and Access Management based cyber attack on AWS, and how to...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.