Orca Security

We're heading to Copenhagen! Join us at V2 Security, Denmark's largest cybersecurity expo & conference. 📅 6–7 May | Bella Center, Copenhagen 📍 Find us at Booth #B-046 Come chat cloud security, grab some swag, and connect with the team. v2security.dk/landingpage

🚨 CVE-2026-31431: A new Linux kernel vuln lets unprivileged users escalate to root via page cache corruption — no disk writes, so file-integrity tools won't catch it. Read the full breakdown 👇 orca.security/resources/blog…

We've rounded up the best cloud security minds we know. AI risk, supply chains, resilience, real CISO talk. Cloud Security LIVE is May 12 and you're invited. See the full agenda and grab your spot 👇 orca.security/resources/blog…

Finding vulnerabilities isn't the problem. Fixing them is. 77% of orgs sit on critical container vulns for 90+ days. Our 2026 State of AppSec Report shows why and how to close the gap. orca.security/lp/2026-state-…

🚨 CVE-2026-33634 (CVSS 9.4): The TeamPCP campaign is actively exploiting Checkmarx GitHub Actions to steal CI/CD secrets — no auth required. Full breakdown + remediation guide 👇 orca.security/resources/blog…

🚨 Malicious Xinference PyPI packages (2.6.0, 2.6.1, 2.6.2) are part of an active supply chain attack. If installed, assume compromise. We help you find affected assets and prioritize remediation fast. orca.security/resources/blog…

Not every vulnerability in your app will get you breached. But the ones that are reachable, exploitable, and invisible to your team? Those will. Here's what modern AppSec actually looks like in 2026 👇 orca.security/resources/blog…

Everything's bigger in Texas, including our compliance list. 🤠 We’re now TX-RAMP Level 2 certified, recognized by the Texas Department of Information Resources as a trusted cloud product for state agencies. 👉 Learn more about Orca for Government: orca.security/solutions/indu…

Every year, the industry declares a new "most critical" security layer. Every year, attackers exploit the same basic gaps. Most breaches are preventable. Our CIO Avi Shua breaks it down in Forbes Tech Council. forbes.com/councils/forbe…

AI-accelerated offense doesn't create new problems. It makes existing gaps catastrophic. Anthropic's seven-part AI threat framework points directly at the gaps that matter most. Here's how Orca closes them. orca.security/resources/blog…

Prompt-level controls won't cut it. There's a better way. Our Field CISO is speaking at the SANS AI Cybersecurity Summit (April 20–21) on what a real, end-to-end AI security strategy looks like. 👉 sans.org/cyber-security…

Most orgs are securing AI reactively. The 2026 TAG Enterprise AI Security Handbook says that's not enough, and we're proud to be recognized in it. Here's what your security program needs to know. orca.security/resources/blog…

We were just recognized in SACR's latest report on Unified Agentic Defense Platforms 🙌 Three strengths that stood out: AI posture management, agentless visibility, and contextual risk scoring. Our three biggest takeaways from the report ⤵ orca.security/resources/blog…

We're giving away AI CPUs at Cloud Security LIVE 2026 👀 Join us May 12 for a half-day virtual summit on securing the cloud in an AI world. Check out the blog for the full details and agenda. orca.security/resources/blog…

A bug in OpenBSD went undetected for 27 years. AI just found it. The future of AppSec isn't a single pen test. It's continuous investigation and security built in from the start. Our CEO Gil Geron breaks it down. orca.security/resources/blog…

Orca now integrates with @Drata to automatically map vulnerability findings to SOC 2, ISO 27001, PCI DSS & more. No more manual screenshots. No more audit scrambles. Just continuous, audit-ready evidence collection. Read the blog 👇 orca.security/resources/blog…

🔴 Now on demand on Amazon Web Services (AWS) Security LIVE! Our Field CISO Tim Chase joined host Brian Mendenhall to break down how AWS customers secure AI innovation across the entire lifecycle, proactively. Watch it now 👇 youtube.com/watch?v=WeGUMY…

🚨 CVE-2026-23226: How a Missing Lock in ksmbd's Channel List Exposes Your Linux SMB3 Server All an attacker needs: valid SMB credentials + access to port 445. The fix is merged, patch now or disable SMB3 multichannel. 👉 Full breakdown here: orca.security/resources/blog…

The 2026 State of Application Security Report is here, and these findings will shock you. Application risk isn't just widespread. It's persistent, it's reaching production, and most of it isn't being remediated. We break down the biggest takeaway: orca.security/resources/blog…

SAP migration might be the biggest IT transformation your org ever takes on. Security shouldn't be what trips you up. Join Orca Security + @nttdata_inc on April 15 to learn how to stay in control before, during, and after the move. try.orca.security/ORCA-NTT-SAP-M…