The Leader in Cloud Security Research

A human brain processing real-time cybersecurity threats surrounded by digital data screens and malware warning indicators.

New Malware Approaches, Same Key Indicators

Key Takeaways Introduction The current conversation around AI and malware is dominated by noise. Security leaders are often told that the threat of AI has fundamentally changed compared to just a year or two ago as large language models can now generate near-production grade code, whether this be for development, remediations, or even malware. That …

March 10, 2026
By Eden Nagel

Latest

‘Orca Watch’ Series
HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines
- March 04, 2026
Research
Post-Exploitation at Scale: The Rise of AILM
- February 26, 2026
‘Orca Watch’ Series
Four Critical SolarWinds Serv-U RCE Flaws Enable Root Access
- February 24, 2026
Discovered Vulnerabilities
Breaking: Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments
- February 23, 2026

All Latest

Discovered Vulnerabilities

Stylized 3D visualization of an active cybersecurity exploit featuring glowing red computer code fragments and a central target aperture.

Breaking: Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

A high-severity vulnerability (CVE-2026-2441, CVSS pending vendor confirmation) has been disclosed in Google Chrome and the Chromium engine, allowing attackers to execute arbitrary code via malicious web content. The vulnerability has been actively exploited in the wild prior to patch release, making immediate updates critical. Technical Details The issue originates from a memory corruption flaw …

February 23, 2026
By Eden Nagel

A stylized graphic of a distorted pull request from GitHub on top of ominous clouds

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

February 04, 2026

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

November 10, 2025

A stylized graphic of the word CVE Alert next to a broken cog

CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited

October 26, 2025

A stylized graphic of a pull request from GitHub with a hole in it and data leaking out

pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain

September 30, 2025

All Discovered Vulnerabilities

New Malware Approaches, Same Key Indicators

Latest

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

Post-Exploitation at Scale: The Rise of AILM

Four Critical SolarWinds Serv-U RCE Flaws Enable Root Access

Breaking: Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

Explore

Discovered Vulnerabilities

Breaking: Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited

pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain

‘Orca Watch’ Series

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

Four Critical SolarWinds Serv-U RCE Flaws Enable Root Access

Critical CVE-2026-1731 Vulnerability in BeyondTrust Remote Support and PRA Exposes Systems to Remote Code Execution

Path Traversal in Rancher Local Path Provisioner Enables Host Filesystem Compromise Across K3s Clusters

Critical RCE in vLLM Allows Server Takeover via Malicious Video URL (CVE-2026-22778)

Technical Deep Dives

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Meet AI Goat: The First Open Source AI Security Learning Environment Based on the OWASP Top 10 ML Risks

The Five Most Common AI Model Risks and How to Prevent Them

Thought Leadership

New Malware Approaches, Same Key Indicators

The Future of AppSec: AI, Context, and Action

Building Application Security from the Ground Up: An Organizational Approach

Where to Start Your Cloud Security Program: CSPM, CWPP, or Runtime Data? A Modern Guide to CNAPP Maturity

The Cloud's Year-End Confessions: What Really Happened in 2025

In the News

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2025 State of Cloud Security Report: Hunting threats in the age of relentless risk

Featured

New Malware Approaches, Same Key Indicators

Latest

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

Post-Exploitation at Scale: The Rise of AILM

Four Critical SolarWinds Serv-U RCE Flaws Enable Root Access

Breaking: Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

Discovered Vulnerabilities

Breaking: Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited

pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain

‘Orca Watch’ Series

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

Four Critical SolarWinds Serv-U RCE Flaws Enable Root Access

Critical CVE-2026-1731 Vulnerability in BeyondTrust Remote Support and PRA Exposes Systems to Remote Code Execution

Path Traversal in Rancher Local Path Provisioner Enables Host Filesystem Compromise Across K3s Clusters

Critical RCE in vLLM Allows Server Takeover via Malicious Video URL (CVE-2026-22778)

Technical Deep Dives

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Meet AI Goat: The First Open Source AI Security Learning Environment Based on the OWASP Top 10 ML Risks

The Five Most Common AI Model Risks and How to Prevent Them

Thought Leadership

New Malware Approaches, Same Key Indicators

The Future of AppSec: AI, Context, and Action

Building Application Security from the Ground Up: An Organizational Approach

Where to Start Your Cloud Security Program: CSPM, CWPP, or Runtime Data? A Modern Guide to CNAPP Maturity

The Cloud's Year-End Confessions: What Really Happened in 2025

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2025 State of Cloud Security Report: Hunting threats in the age of relentless risk