Research Archives | Page 3 of 14

The AI Data You Forgot to Lock: How Exposed Vector Databases Put Organizations at Risk

Data and AI Security

The AI Data You Forgot to Lock: How Exposed Vector Databases Put Organizations at Risk

Table of contentsExecutive Summary: PII, Medical Records, and Credentials at RiskThe Rise of Vector Databases and Their Blind SpotsThe Root...

Roi Nisimi

May 19, 2026

Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow

‘Orca Watch’ Series

Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow

Table of contentsExecutive SummaryVulnerability DetailsWhy This MattersAffected Systems and Proof of Concept (PoC)Recommended MitigationExploitation Risk and Threat OutlookPotential ImpactHow can...

Roi Nisimi

May 15, 2026

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated DoS and Potential RCE

‘Orca Watch’ Series

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated DoS and Potential RCE

Table of contentsTechnical Root CauseAffected Products and VersionsRecommended ActionExploitation Risk and Threat OutlookPotential Business ImpactUPDATE May 15, 2026How can Orca...

Roi Nisimi Yonatan Levi

May 14, 2026

TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack

‘Orca Watch’ Series

TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack

Table of contentsKey TakeawaysExecutive SummaryHow the Exploit Chain WorkedHow the Worm PropagatesThe gh-token-monitor WiperScope of CompromiseImmediate Mitigation StepsWhy This Attack...

Roi Nisimi

May 12, 2026

Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root

‘Orca Watch’ Series

Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root

Table of contentsExecutive SummaryAbout the vulnerability: CVE-2026-43284 and CVE-2026-43500Risk impactAffected systemsMitigation recommendationsRecommended actions:How can Orca help? Executive Summary A Linux...

Tohar Braun

May 10, 2026

Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution

‘Orca Watch’ Series

Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution

Table of contentsAbout the Vulnerability: CVE-2026-23918Risk ImpactMitigation RecommendationsHow can Orca help? A high-severity vulnerability (CVE-2026-23918, CVSS 8.8) was disclosed affecting...

Roi Nisimi

May 08, 2026

Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace

Application Security

Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace

Table of contentsExecutive summaryBreaking Down Agent SkillsMalicious Skill: A Real-World ExamplePrimitive 1: Weaponizing Malicious AI Agent Skills via Artificial Install...

Roi Nisimi

May 05, 2026

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

‘Orca Watch’ Series

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

A critical vulnerability (CVE-2026-3854, CVSS 8.7) was disclosed affecting GitHub Enterprise Server and GitHub.com, allowing attackers to execute arbitrary commands...

Roi Nisimi

Apr 30, 2026

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

‘Orca Watch’ Series

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

A Linux kernel vulnerability, CVE-2026-31431 dubbed Copy Fail, allows an unprivileged local user to gain root by corrupting the page...

Tohar Braun

Apr 30, 2026

Research

The AI Data You Forgot to Lock: How Exposed Vector Databases Put Organizations at Risk

Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated DoS and Potential RCE

TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack

Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root

Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution

Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace

Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854)

Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431)

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons