Discovered Vulnerabilities
s1ngularity Supply Chain Attack: What It Means for Cloud and AI Security
On August 26, 2025, the open-source ecosystem was shaken by a new supply chain attack that targeted Nx, a popular...
IAM Role with Administrative Privileges
Orca has detected that the role {AwsIamRole} was granted full administrative privileges on the account. These privileges grant them the...
Web-service unpatched
We have found that the web-service {service_detailed} on the system was not patched for several months. It is important to...
API access from suspicious source IP was detected
AWS API call was detected from IP address which is categorized as suspicious
Default security group is being used
An AWS Security Group acts as a virtual firewall for your instances to control inbound and outbound traffic. We identified...
Security group allows unrestricted inbound traffic
An AWS Security Group acts as a virtual firewall for your instances to control inbound and outbound traffic. We identified...
Unsupported Host OS
The Installed operating system {Compute.DistributionName} {Compute.DistributionVersion} has reached end of support since {Compute.OsEndOfSupport} and does not get security patches. This...
Lambda function runtime outdated
AWS lambda function {AwsLambdaFunction} was detected running with an outdated runtime
Controller creating containers with secrets as environment variables
Kubernetes supports mounting secrets as data volumes or as environment variables. It is reasonably common for application code to log...
Controller creating pods with privileged Docker
Docker privileged mode grants a Docker container root capabilities to all devices on the host system. Controller {K8sController} was found...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.