The agentless cloud security pioneer for #AWS, #Azure, #GoogleCloud, #Kubernetes and more.

Joined January 2019
🚨 CRITICAL: Splunk Enterprise CVE-2026-20253 (CVSS 9.8). 4 vulnerabilities disclosed, including unauthenticated file creation/truncation and RCE. No credentials, no interaction, just network access. Patch immediately. Full breakdown 👇 orca.security/resources/blog…
🚨 CRITICAL: PhpSpreadsheet CVE-2026-45034 (CVSS 9.8). The previous patch for CVE-2026-34084 was bypassed. Attackers can achieve full RCE with no authentication, and a public PoC is already out. Patch to 1.30.5 now 👇 orca.security/resources/blog…
🚨 CRITICAL: Langflow CVE-2026-5027 (CVSS 8.8). Unauthenticated attackers can achieve full RCE with a single request, no credentials needed. ~7,000 instances are publicly exposed and active exploitation is confirmed. Patch to 1.10.0 now. Full breakdown 👇 orca.security/resources/blog…
3 of the top 4 causes of cloud breaches last year were identity-related. Orca AWS IAM Access Analyzer brings all your external, internal, and unused access findings into one place, with the asset context to actually act on them. Read more: orca.security/resources/blog…
🚨 Critical Jupyter Enterprise Gateway vulnerabilities: full Kubernetes cluster takeover possible. Two CVSS 10.0, one CVSS 9.8. RCE, privileged pod creation, and full cluster compromise via YAML and template injection. No auth required. Upgrade now: orca.security/resources/blog…
🚨 Active PyPI supply chain attack: 26 packages compromised. The "Hades Campaign" runs malicious code at Python startup, no import required. Silently harvests AWS, GCP, Azure, GitHub, SSH keys, and more. Full breakdown package list: orca.security/resources/blog…
Security has all the data, all the answers. But if you can't translate that into business language, nothing changes. Blue Yonder needed a translator. Orca became one. Read how → orca.security/resources/case…
#ZenithLive is almost here! Find us at booth S6 for cloud security convos and yes, of course, Orca swag. Come hang with the Orca Pod! We can't wait to see you! 👋 Join us for our Happy Hour on June 9th too 🍹 Grab your spot here → guidepointsecurity.com/zenit…
🚨 Critical WordPress flaw: 150,000 sites vulnerable to admin takeover. Attackers exploit a broken password reset in the Kirki plugin to hijack accounts — no credentials needed. On Kirki 6.0.0–6.0.6? Patch to 6.0.7 now. Full breakdown: orca.security/resources/blog…
Orca Sensor is now available for FedRAMP-authorized environments. 🎉 Runtime visibility, behavioral telemetry, real-time workload monitoring. The proof of security that FedRAMP and NIST 800-53 actually require. Here's how it works: orca.security/resources/blog…
🚨 Red Hat npm packages were backdoored with a credential-stealing worm that runs on npm install, silently sweeping AWS, GCP, Azure keys, SSH keys, Kubernetes configs, and more. Affected? Rotate your credentials now. Full breakdown package list: orca.security/resources/blog…
Heading to #ZenithLive? Come hang with us and @GuidePointSec at our Happy Hour June 9th. Talk Zero Trust, SASE, and cloud security over drinks. Spots are limited, grab yours: guidepointsecurity.com/zenit… Can't make it? Find us at booth S6. Good convos and Orca swag await.
🚨 Critical vulnerability alert: CVE-2026-27771. Your private container images might not be so private. CVE-2026-27771 lets anyone pull private Gitea images with zero credentials. Source code, API keys, database passwords... all exposed. How to fix: orca.security/resources/blog…
Orca Security is now distributed through TD SYNNEX, and we're kicking things off with a live webinar tomorrow. Come see the platform, the opportunity, and how to get involved. 📅 Wednesday, May 27 | 2:30 PM ET 🔗 Register here: try.orca.security/Orca-TDSyn…
🚨 Critical Unauthenticated RCE in Kopia Backup. A critical vulnerability, CVE-2026-45695 (CVSS 9.8), affects Kopia's HTTP server v0.22.3 and earlier. One unauthenticated HTTP request = arbitrary code execution. Upgrade to v0.23.0 now. 👉 orca.security/resources/blog…
🚨 Critical Drupal SQL Injection Exposes Sites to RCE. CVE-2026-9082 affects Drupal core 8.9.0 through 11.3.9. No auth required, and the Drupal Security Team warns exploits could emerge within hours. Patch now. How Orca can help: orca.security/resources/blog…
⚠️ "PoolSlip" NGINX Exploit Revives Unpatched Remote Code Execution Risk. RCE is still achievable, a PoC is already public, and no vendor patch exists yet. If NGINX is in your stack, review your configs now. How Orca can help: orca.security/resources/blog…
🚨 Critical Pre-Auth RCE in ChromaDB Threatens AI Infrastructure. CVE-2026-45829 (CVSS 10.0) allows unauthenticated attackers to execute arbitrary code on ChromaDB servers. 73% of exposed instances are vulnerable. Full breakdown and how Orca can help: orca.security/resources/blog…
🚨 Critical Alert: CVE-2026-46354 lets attackers bypass Coder's signature verification and walk away with your SSH keys & OAuth tokens. Zero auth needed. We broke it down, and what to do about it 👇 orca.security/resources/blog…
AI-curious vs. AI-first. There's a big difference, and we're talking about it in Boston. Join us for an invite-only gathering of execs and AI practitioners focused on turning AI adoption into real, measurable business outcomes. Part of #BOSTechWeek. 👉 partiful.com/e/DrBDo76R1XpzJ…