Research Archives | Page 3 of 13

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

‘Orca Watch’ Series

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

A critical vulnerability (CVE-2026-3854, CVSS 8.7) was disclosed affecting GitHub Enterprise Server and GitHub.com, allowing attackers to execute arbitrary commands...

Roi Nisimi

Apr 30, 2026

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

‘Orca Watch’ Series

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

A Linux kernel vulnerability, CVE-2026-31431 dubbed Copy Fail, allows an unprivileged local user to gain root by corrupting the page...

Tohar Braun

Apr 30, 2026

Xinference PyPI package compromise leads to full environment takeover

Application Security

Xinference PyPI package compromise leads to full environment takeover

Table of contentsWhat is the Xinference PyPI Package Compromise ?Assessing the Impact: Credential Theft and Full Environment TakeoverHow to Mitigate...

Roi Nisimi

Apr 23, 2026

Checkmarx supply chain compromise exposes CI/CD secrets

Application Security

Checkmarx supply chain compromise exposes CI/CD secrets

Table of contentsWhat is the Checkmarx Supply Chain Compromise ?Impact of the TeamPCP Campaign: Credential Theft and Lateral MovementMitigation RecommendationsHow...

Roi Nisimi

Apr 23, 2026

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

‘Orca Watch’ Series

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

A critical SSRF (Server-Side Request Forgery, where an attacker tricks a server into making HTTP requests on their behalf) vulnerability...

Igor Stepansky

Apr 09, 2026

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Discovered Vulnerabilities

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Table of contentsOverviewWhat Is ksmbd - and Why Does It Matter?Understanding SMB3 MultichannelThe Vulnerability - A Missing LockThe Broken Data...

Igor Stepansky

Apr 08, 2026

2026 State of Application Security Report

Report

2026 State of Application Security Report

In-Depth Research 2026 State of Application Security Report When Development Velocity Outpaces Security Get the Report One clear picture of...

Apr 07, 2026

2026 State of AppSec: When Development Velocity Outpaces Security

Application Security

2026 State of AppSec: When Development Velocity Outpaces Security

Today, we’re excited to release the 2026 State of Application Security Report, which reveals deep insights uncovered by the Orca...

Jake Kramber

Apr 07, 2026

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Application Security

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Table of contentsQuick OverviewWhat is Axios?Technical AnalysisHow the account was compromisedThe phantom dependency trickInside the dropperPlatform-specific payloadsAnti-forensic evidence destructionAttack FlowAffected...

Igor Stepansky

Mar 31, 2026

Research

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

Xinference PyPI package compromise leads to full environment takeover

Checkmarx supply chain compromise exposes CI/CD secrets

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

2026 State of Application Security Report

2026 State of AppSec: When Development Velocity Outpaces Security

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons