Orca Security

🚨 A supply chain worm just hit TanStack, Mistral AI, UiPath, and 160+ other npm/PyPI packages. It steals credentials, self-propagates, and can wipe your home directory. We break down what happened and how to respond: orca.security/resources/blog…

⏰ One hour away! Cloud Security Live kicks off at 8:30 AM PT , and if you haven't registered yet, there's still time to join us! 👇 Grab your spot before we go live! try.orca.security/cloud-security…

We have been named to @notablecap's Rising in Cyber list for the third consecutive year, voted on by 150 active CISOs and security leaders. Being recognized by the people we serve makes this one extra special. Read more here: businesswire.com/news/home/2026…

Congrats to this year’s honorees: @1Password @Abnormal @get_abstracted @anecdotes_ai Beacon @Clover_Security @cyera_io @descopeinc @DrataHQ Echo @EndorLabs Fable @GripSecurity @harmonicsec @island_io @knosticai @NomaSecurity @OligoSecurity @opal_sec @orcasec @pdiscoveryio @ProphetSec @runlayer @SocketSecurity @sublime_sec Terra @tines_hq @TheTokenSec @tonicfakedata @torq_io risingincyber.com

🚨 Critical Apache HTTP Server vuln (CVE-2026-23918, CVSS 8.8). Unauthenticated RCE via HTTP/2. PoC is already public. Patch to 2.4.67 now. Full breakdown + mitigation guide: orca.security/resources/blog… #Apache #CVE202623918

The countdown is ON. Cloud Security Live is 6 days away! Join us May 12th for a free 3-hour virtual summit packed with real insights from the best in cloud security. 🗓 Tuesday, May 12th | 8:30 AM to 11:30 AM PT REGISTER HERE👉 try.orca.security/cloud-security…

Are the AI agent skills in your dev tools actually secure? 🔍 The same supply chain risks we've battled in software for years are showing up in agent skills marketplaces, and security controls aren't keeping pace. New research from our Research Pod 👇 orca.security/resources/blog…

We're heading to Copenhagen! Join us at V2 Security, Denmark's largest cybersecurity expo & conference. 📅 6–7 May | Bella Center, Copenhagen 📍 Find us at Booth #B-046 Come chat cloud security, grab some swag, and connect with the team. v2security.dk/landingpage

🚨 CVE-2026-31431: A new Linux kernel vuln lets unprivileged users escalate to root via page cache corruption — no disk writes, so file-integrity tools won't catch it. Read the full breakdown 👇 orca.security/resources/blog…

We've rounded up the best cloud security minds we know. AI risk, supply chains, resilience, real CISO talk. Cloud Security LIVE is May 12 and you're invited. See the full agenda and grab your spot 👇 orca.security/resources/blog…

Finding vulnerabilities isn't the problem. Fixing them is. 77% of orgs sit on critical container vulns for 90+ days. Our 2026 State of AppSec Report shows why and how to close the gap. orca.security/lp/2026-state-…

🚨 CVE-2026-33634 (CVSS 9.4): The TeamPCP campaign is actively exploiting Checkmarx GitHub Actions to steal CI/CD secrets — no auth required. Full breakdown + remediation guide 👇 orca.security/resources/blog…

🚨 Malicious Xinference PyPI packages (2.6.0, 2.6.1, 2.6.2) are part of an active supply chain attack. If installed, assume compromise. We help you find affected assets and prioritize remediation fast. orca.security/resources/blog…

Not every vulnerability in your app will get you breached. But the ones that are reachable, exploitable, and invisible to your team? Those will. Here's what modern AppSec actually looks like in 2026 👇 orca.security/resources/blog…

Everything's bigger in Texas, including our compliance list. 🤠 We’re now TX-RAMP Level 2 certified, recognized by the Texas Department of Information Resources as a trusted cloud product for state agencies. 👉 Learn more about Orca for Government: orca.security/solutions/indu…

Every year, the industry declares a new "most critical" security layer. Every year, attackers exploit the same basic gaps. Most breaches are preventable. Our CIO Avi Shua breaks it down in Forbes Tech Council. forbes.com/councils/forbe…

AI-accelerated offense doesn't create new problems. It makes existing gaps catastrophic. Anthropic's seven-part AI threat framework points directly at the gaps that matter most. Here's how Orca closes them. orca.security/resources/blog…

Prompt-level controls won't cut it. There's a better way. Our Field CISO is speaking at the SANS AI Cybersecurity Summit (April 20–21) on what a real, end-to-end AI security strategy looks like. 👉 sans.org/cyber-security…

Most orgs are securing AI reactively. The 2026 TAG Enterprise AI Security Handbook says that's not enough, and we're proud to be recognized in it. Here's what your security program needs to know. orca.security/resources/blog…

We were just recognized in SACR's latest report on Unified Agentic Defense Platforms 🙌 Three strengths that stood out: AI posture management, agentless visibility, and contextual risk scoring. Our three biggest takeaways from the report ⤵ orca.security/resources/blog…