The Leader in Cloud Security Research

An illustration of clouds with the number 10 superimposed with a wasp symbol

OWASP Top 10 2025: Key Changes and What They Mean for Application Security

The OWASP Top 10 2025 release candidate is here, marking an important milestone in the evolution of application security best practices. Published for public review and revision, this candidate list offers an early look at the most critical risks shaping today’s application landscape before the final version is ratified. As one of the most trusted …

November 20, 2025
By Bar Kaduri

Latest

Thought Leadership
Part 2: Attackers Love Your GitHub Actions Too
- November 13, 2025
Thought Leadership
Part 1: Attackers Love Your GitHub Actions Too
- November 12, 2025
Research
New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks
- November 10, 2025
Research
CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited
- October 26, 2025

All Latest

Latest

Explore

Discovered Vulnerabilities

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

This week, three new high-severity vulnerabilities were revealed in runC, the fundamental runtime technology used by most container platforms. This impacts major systems such as Docker, containerd, Kubernetes, and virtually all managed Kubernetes services offered by major cloud providers. These vulnerabilities combined allow for a container escape, where a malicious factor can break out of …

November 10, 2025
By Shir Sadon

A stylized graphic of the word CVE Alert next to a broken cog

CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited

October 26, 2025

A stylized graphic of a pull request from GitHub with a hole in it and data leaking out

pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain

September 30, 2025

A stylized graphic showing a pull request window with malicious code

pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks

September 24, 2025

A stylized graphic of floating packages in a dark cloud background

Massive npm Malware Campaign Infects Popular Packages, @ctrl/tinycolor Affected

September 16, 2025

All Discovered Vulnerabilities

Explore

In the News

All In the News

Featured

OWASP Top 10 2025: Key Changes and What They Mean for Application Security

Latest

Part 2: Attackers Love Your GitHub Actions Too

Part 1: Attackers Love Your GitHub Actions Too

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited

Latest

Discovered Vulnerabilities

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited

pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain

pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks

Massive npm Malware Campaign Infects Popular Packages, @ctrl/tinycolor Affected

‘Orca Watch’ Series

New ‘ToolShell’ Exploit Chain Targets SharePoint Servers via CVE-2025-53770 and CVE-2025-53771

Security Briefing: Apache Struts Vulnerability CVE-2024-53677

Mitigating CVE 2024-38063: Critical RCE Vulnerability On Windows Systems With IPv6

Addressing CrowdStrike on Cloud VMs in AWS with Automated Remediation

How to Remediate CrowdStrike Falcon Windows Outages with Orca

Technical Deep Dives

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Meet AI Goat: The First Open Source AI Security Learning Environment Based on the OWASP Top 10 ML Risks

The Five Most Common AI Model Risks and How to Prevent Them

Leveraging Nuclei Templates to Identify Risks and Threats in Critical Cloud Applications

Thought Leadership

OWASP Top 10 2025: Key Changes and What They Mean for Application Security

Part 2: Attackers Love Your GitHub Actions Too

Part 1: Attackers Love Your GitHub Actions Too

Supply Chain Attacks: What Are They and Why Should You Care?

10 Most Popular AI Models of 2025

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2025 State of Cloud Security Report: Hunting threats in the age of relentless risk

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2025 State of Cloud Security Report: Hunting threats in the age of relentless risk

Featured

OWASP Top 10 2025: Key Changes and What They Mean for Application Security

Latest

Part 2: Attackers Love Your GitHub Actions Too

Part 1: Attackers Love Your GitHub Actions Too

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited

Discovered Vulnerabilities

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited

pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain

pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks

Massive npm Malware Campaign Infects Popular Packages, @ctrl/tinycolor Affected

‘Orca Watch’ Series

New ‘ToolShell’ Exploit Chain Targets SharePoint Servers via CVE-2025-53770 and CVE-2025-53771

Security Briefing: Apache Struts Vulnerability CVE-2024-53677

Mitigating CVE 2024-38063: Critical RCE Vulnerability On Windows Systems With IPv6

Addressing CrowdStrike on Cloud VMs in AWS with Automated Remediation

How to Remediate CrowdStrike Falcon Windows Outages with Orca

Technical Deep Dives

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Meet AI Goat: The First Open Source AI Security Learning Environment Based on the OWASP Top 10 ML Risks

The Five Most Common AI Model Risks and How to Prevent Them

Leveraging Nuclei Templates to Identify Risks and Threats in Critical Cloud Applications

Thought Leadership

OWASP Top 10 2025: Key Changes and What They Mean for Application Security

Part 2: Attackers Love Your GitHub Actions Too

Part 1: Attackers Love Your GitHub Actions Too

Supply Chain Attacks: What Are They and Why Should You Care?

10 Most Popular AI Models of 2025