Research Archives | Orca Security

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

‘Orca Watch’ Series

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

A critical SSRF (Server-Side Request Forgery, where an attacker tricks a server into making HTTP requests on their behalf) vulnerability...

Igor Stepansky

Apr 09, 2026

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Discovered Vulnerabilities

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Table of contentsOverviewWhat Is ksmbd - and Why Does It Matter?Understanding SMB3 MultichannelThe Vulnerability - A Missing LockThe Broken Data...

Igor Stepansky

Apr 08, 2026

2026 State of AppSec: When Development Velocity Outpaces Security

Application Security

2026 State of AppSec: When Development Velocity Outpaces Security

Table of contentsTop Application Security Findings and Trends for 2026Rapid AI Adoption: Why 43% of Organizations Have Exposed AI/ML CredentialsThe...

Jake Kramber

Apr 07, 2026

2026 State of Application Security Report

Report

2026 State of Application Security Report

In-Depth Research 2026 State of Application Security Report When Development Velocity Outpaces Security Get the Report One clear picture of...

Apr 07, 2026

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Application Security

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Table of contentsQuick OverviewWhat is Axios?Technical AnalysisHow the account was compromisedThe phantom dependency trickInside the dropperPlatform-specific payloadsAnti-forensic evidence destructionAttack FlowAffected...

Igor Stepansky

Mar 31, 2026

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

‘Orca Watch’ Series

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

Executive Summary A severe malware incident (no formal CVE yet, but tracked as a high‑risk supply chain compromise) was disclosed...

Roi Nisimi

Mar 25, 2026

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

‘Orca Watch’ Series

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

A supply chain compromise moved from CI pipelines into the npm ecosystem, stealing secrets, hijacking packages, and persisting on developer...

Tohar Braun

Mar 23, 2026

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

Discovered Vulnerabilities

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

Table of contentsQuick OverviewCVSS RationaleWhat Is SGLang?Technical AnalysisRoot Cause: Python's pickle on Untrusted Network DataHow Pickle Deserialization Becomes Code ExecutionProposed...

Igor Stepansky

Mar 11, 2026

New Malware Approaches, Same Key Indicators

Thought Leadership

New Malware Approaches, Same Key Indicators

Table of contentsKey TakeawaysIntroductionThe Industrialization of MaliceAI as the Producer, and Emerging Director, of MalwareAI-Written MalwareAI-Powered MalwareNo Matter How It’s...

Eden Nagel

Mar 10, 2026

Research

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

2026 State of AppSec: When Development Velocity Outpaces Security

2026 State of Application Security Report

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

New Malware Approaches, Same Key Indicators

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons