Research

Why do attackers love GitHub Actions, and why should you care? The answer lies in a dangerous combination of widespread...

This week, three new high-severity vulnerabilities were revealed in runC, the fundamental runtime technology used by most container platforms. This...

On October 23rd, Microsoft released an unusual out-of-band security patch for CVE-2025-59287, a remote code execution vulnerability in WSUS (Windows...

Few threats capture the complexity of today’s digital ecosystem quite like supply chain attacks. These incidents don’t just exploit technical...

Executive summary We have managed to successfully compromise repositories owned by Microsoft, Google, Nvidia and many more using a single...

Executive Summary: The Orca Research Pod has uncovered critical security risks across several high-profile open source repositories that relied on...

TL;DR A new software supply chain attack has been identified, targeting the npm registry and this time impacting more than...

Reports have emerged of a major supply chain attack impacting numerous NPM packages maintained by the developer known as “qix.”...

On August 26, 2025, the open-source ecosystem was shaken by a new supply chain attack that targeted Nx, a popular...