The Leader in Cloud Security Research

Abstract cyberpunk illustration of a green energy conduit breaking outward from inside a secure data cube to snatch a glowing digital key, representing an SSRF vulnerability and credential theft.

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

A critical SSRF (Server-Side Request Forgery, where an attacker tricks a server into making HTTP requests on their behalf) vulnerability affects Kyverno versions 1.16.0 and later. Users with namespace-scoped permissions can make arbitrary HTTP requests from the Kyverno admission controller pod, bypassing Kubernetes RBAC entirely. This enables access to internal cluster services, cross-namespace data theft, …

April 09, 2026
By Igor Stepansky

Latest

All Latest

Discovered Vulnerabilities

Cyber-themed illustration of a Linux SMB3 server with a broken padlock, symbolizing a missing lock vulnerability in ksmbd.

CVE-2026-23226: How a Missing Lock in ksmbd's Channel List Exposes Your Linux SMB3 Server

Overview The Orca Security Research Pod discovered a use-after-free race condition in the Linux kernel's ksmbd SMB3 server. When two connections share a session over SMB3 multichannel, the kernel can read a freed channel struct – exposing the per-channel AES-128-CMAC signing key and causing a kernel panic. An attacker needs valid SMB credentials and network …

April 08, 2026
By Igor Stepansky

A stylized graphic of a pickle smashing into a pipeline

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang's LLM Serving Framework

March 11, 2026

Stylized 3D visualization of an active cybersecurity exploit featuring glowing red computer code fragments and a central target aperture.

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

February 23, 2026

A stylized graphic of a distorted pull request from GitHub on top of ominous clouds

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

February 04, 2026

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

November 10, 2025

All Discovered Vulnerabilities

2026 State of Application Security Report: When Development Velocity Outpaces Security

Get the Report

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

Latest

CVE-2026-23226: How a Missing Lock in ksmbd's Channel List Exposes Your Linux SMB3 Server

2026 State of AppSec: When Development Velocity Outpaces Security

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

Explore

Discovered Vulnerabilities

CVE-2026-23226: How a Missing Lock in ksmbd's Channel List Exposes Your Linux SMB3 Server

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang's LLM Serving Framework

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

‘Orca Watch’ Series

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

Four Critical SolarWinds Serv-U RCE Flaws Enable Root Access

Technical Deep Dives

CVE-2026-23226: How a Missing Lock in ksmbd's Channel List Exposes Your Linux SMB3 Server

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Thought Leadership

AI Is Entering Your Infrastructure. Now what?

Beyond the Sticker Price: Understanding the True Cost of Your Security Tools

New Malware Approaches, Same Key Indicators

The Future of AppSec: AI, Context, and Action

Building Application Security from the Ground Up: An Organizational Approach

In the News

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2026 State of Application Security Report: When Development Velocity Outpaces Security

Featured

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

Latest

CVE-2026-23226: How a Missing Lock in ksmbd's Channel List Exposes Your Linux SMB3 Server

2026 State of AppSec: When Development Velocity Outpaces Security

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

Discovered Vulnerabilities

CVE-2026-23226: How a Missing Lock in ksmbd's Channel List Exposes Your Linux SMB3 Server

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang's LLM Serving Framework

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

‘Orca Watch’ Series

Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

Four Critical SolarWinds Serv-U RCE Flaws Enable Root Access

Technical Deep Dives

CVE-2026-23226: How a Missing Lock in ksmbd's Channel List Exposes Your Linux SMB3 Server

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Thought Leadership

AI Is Entering Your Infrastructure. Now what?

Beyond the Sticker Price: Understanding the True Cost of Your Security Tools

New Malware Approaches, Same Key Indicators

The Future of AppSec: AI, Context, and Action

Building Application Security from the Ground Up: An Organizational Approach

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2026 State of Application Security Report: When Development Velocity Outpaces Security