Report
2025 Gartner® Market Guide for CNAPP
2025 Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP) Read the report to learn why Gartner is recommending that...
Research
‘Orca Watch’ Series
New ‘ToolShell’ Exploit Chain Targets SharePoint Servers via CVE-2025-53770 and CVE-2025-53771
Microsoft pushed out-of-band fixes for on-premise SharePoint Servers after attackers chained CVE-2025-53770 and CVE-2025-53771. The chain bypasses SharePoint chain vulnerabilities,...
Microsoft Azure
Azure Machine Learning Escalation: When Pipelines Go Off the Rails
Table of contentsExecutive summaryA quick introduction to Azure Machine LearningHow AML pipelines are commonly usedHow the privilege escalation vulnerability could...
Orca Platform
Improved Cloud Understanding by Connecting Amazon Q to the Orca MCP Server
When we first announced the Orca MCP Server, we showed some examples with Claude and with Cursor. In this blog,...
Cloud Security Insights
2025 State of Cloud Security Report: Cloud Risks Surge Amid Expanding AI Adoption
Today, we’re excited to release the 2025 State of Cloud Security Report, which reveals deep insights uncovered by the Orca...
Report
2025 State of Cloud Security Report
In-Depth Research 2025 State of Cloud Security Report Hunting threats in the age of relentless risk Get the Report Billions...
Research
CVE-2025-31324 Exploited in the Wild: What We’ve Found in the Aftermath
In late April 2025, SAP disclosed CVE-2025-31324, a critical vulnerability in SAP NetWeaver’s Visual Composer development server. The flaw—stemming from...
Research
Bringing Memory to AI: A Look at A2A and MCP-like Technologies Across Platforms
Over the last year, we've witnessed a pivotal shift in how large language models (LLMs) are used - not just...
Discovered Vulnerabilities
Kubernetes CRD Abstraction Risks in kro
Executive Summary: The Orca Research Pod has discovered CVE-2025-48710 in kro (Kube Resource Orchestrator) where an attacker could introduce a malicious CustomResourceDefinition...