Research Archives | Page 3 of 11

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

Discovered Vulnerabilities

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

Executive Summary The Orca Research Pod has uncovered multiple attack vectors in GitHub Codespaces that allow remote code execution (RCE)...

Roi Nisimi

Feb 04, 2026

Critical RCE in vLLM Allows Server Takeover via Malicious Video URL (CVE-2026-22778)

‘Orca Watch’ Series

Critical RCE in vLLM Allows Server Takeover via Malicious Video URL (CVE-2026-22778)

Introduction A critical vulnerability (CVE-2026-22778, CVSS 9.8) was disclosed on February 2, 2026, affecting vLLM, a widely-deployed Python library for...

Igor Stepansky

Feb 03, 2026

Notepad++ Update Mechanism Hijacked by State-Sponsored Actors for Six Months

‘Orca Watch’ Series

Notepad++ Update Mechanism Hijacked by State-Sponsored Actors for Six Months

Introduction State-sponsored attackers compromised Notepad++'s hosting infrastructure from June through December 2025, hijacking the application's update mechanism to deliver malicious...

Igor Stepansky

Feb 02, 2026

Critical n8n Sandbox Escape Enables Remote Code Execution

‘Orca Watch’ Series

Critical n8n Sandbox Escape Enables Remote Code Execution

A critical vulnerability (CVE-2026-1470, CVSS 9.9) was disclosed on January 27, 2026 affecting n8n, the popular open-source workflow automation platform....

Igor Stepansky

Jan 29, 2026

CVE-2025-15467: Critical OpenSSL Flaw Enables Pre-Auth Remote Code Execution

‘Orca Watch’ Series

CVE-2025-15467: Critical OpenSSL Flaw Enables Pre-Auth Remote Code Execution

A critical vulnerability (CVE-2025-15467, CVSS 9.8) dropped on January 27, 2026. It affects OpenSSL 3.0, 3.3, 3.4, 3.5, and 3.6...

Igor Stepansky

Jan 29, 2026

Microsoft Office Zero-Day Actively Exploited – Emergency Patches Released

‘Orca Watch’ Series

Microsoft Office Zero-Day Actively Exploited – Emergency Patches Released

Quick Overview CVE-ID: CVE-2026-21509 CVSS Score: 7.8 (High) Affected Products: Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, Microsoft 365...

Igor Stepansky

Jan 28, 2026

GNU InetUtils telnetd Authentication Bypass Grants Instant Root Access

‘Orca Watch’ Series

GNU InetUtils telnetd Authentication Bypass Grants Instant Root Access

A critical vulnerability (CVE-2026-24061, CVSS 9.8) was disclosed on January 20, 2026 affecting GNU InetUtils telnetd versions 1.9.3 through 2.7....

Igor Stepansky

Jan 28, 2026

Critical unauthenticated RCE in n8n (CVE-2026-21858, CVSS 10.0) allows full instance takeover

‘Orca Watch’ Series

Critical unauthenticated RCE in n8n (CVE-2026-21858, CVSS 10.0) allows full instance takeover

A critical vulnerability (CVE-2026-21858, CVSS score 10.0) was disclosed affecting the n8n workflow automation platform, allowing attackers to remotely execute...

Roi Nisimi

Jan 07, 2026

Critical 9.3 Severity LangChain Serialization Flaw Enables Secret Theft

‘Orca Watch’ Series

Critical 9.3 Severity LangChain Serialization Flaw Enables Secret Theft

A critical vulnerability (CVE-2025-68664, CVSS 9.3) was disclosed affecting the LangChain open-source LLM framework, allowing attackers to steal sensitive data...

Roi Nisimi

Dec 25, 2025

Research

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

Critical RCE in vLLM Allows Server Takeover via Malicious Video URL (CVE-2026-22778)

Notepad++ Update Mechanism Hijacked by State-Sponsored Actors for Six Months

Critical n8n Sandbox Escape Enables Remote Code Execution

CVE-2025-15467: Critical OpenSSL Flaw Enables Pre-Auth Remote Code Execution

Microsoft Office Zero-Day Actively Exploited – Emergency Patches Released

GNU InetUtils telnetd Authentication Bypass Grants Instant Root Access

Critical unauthenticated RCE in n8n (CVE-2026-21858, CVSS 10.0) allows full instance takeover

Critical 9.3 Severity LangChain Serialization Flaw Enables Secret Theft

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons