🔐 Why do so many AppSec programs fail even after investing in best-in-class tools? It's not the technology. It's the foundation underneath it. The most successful application security programs don't start with a platform purchase. They start with people, then process, then technology, in that order. In our latest blog, Roee Shohat breaks down how to build an AppSec program that actually works:
✅ How Security Champions programs scale security across large dev teams
✅ What makes a security policy effective (vs. ignored)
✅ How to integrate security into developer workflows without creating friction
✅ Where technology fits in and how to make it a force multiplier
Whether you're starting from scratch or rethinking an existing program, this is the organizational playbook you need. 👉 Roee Shohat breaks down how to build an AppSec program that actually sticks: https://lnkd.in/g2viCVsB
Orca Security
Computer and Network Security
Portland, Oregon 124,726 followers
The agentless cloud security pioneer for AWS, Azure, Google Cloud, Kubernetes and more.
About us
Orca Security is the pioneer of agentless cloud security, and is trusted by hundreds of enterprises globally. We're the industry-leading Cloud Security Platform that identifies, prioritizes, and remediates security risks and compliance issues across your cloud estate spanning AWS, Azure, Google Cloud and Kubernetes.
- Website: https://orca.security
- Industry: Computer and Network Security
- Company size: 201-500 employees
- Headquarters: Portland, Oregon
- Type: Privately Held
- Founded: 2019
- Specialties: Amazon Web Services, AWS Security, Breach Detection, Cloud Compliance, Cloud Native Security, Cloud Security, Cloud Security Posture Management, CSPM, Cloud Workload Protection, Container Security, Google Cloud Platform, Infrastructure as Code, Kubernetes, Microsoft Azure, Oracle Cloud Infrastructure, Serverless Security, Web Application & API Security, Workload Security, CNAPP, and AI Security
Locations
- Primary: 1455 NW Irving St, Suite 390, Portland, Oregon 97209, US
- Tushiya St 3, Tel Aviv, IL
- 16-19 Eastcastle Street, London, England W1W 8DY, GB
Updates
🚨 CRITICAL ALERT FOR SECURITY TEAMS: CVE-2026-1731 A critical vulnerability (CVE-2026-1731, CVSS 9.9) was publicly disclosed affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw allows unauthenticated attackers to achieve full remote code execution via a crafted WebSocket message (WebSocket is a persistent, bidirectional communication channel between a client and server, commonly used for real-time features) sent to an internet-facing endpoint, requiring no credentials, no user interaction, and only low complexity. Immediate patching is required. Our research team broke down everything you need to know, the root cause, the attack flow, and exactly what to do right now. 👉 Read the full breakdown: https://lnkd.in/gyqQQ4Wx
We're proud to be named a Strong Performer in The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026! 🎉 Among top CNAPP offerings in the market, Orca landed the highest possible scores in 6 criteria, and received above-average customer feedback – which, to us, is a reflection of our focus on real-world cloud security outcomes. Here's what Forrester’s evaluation had to say about Orca:
✅ "Agentless CWP is powerful for alerts on compute resources, as well as vulnerability and threat detection."
✅ "CIEM capabilities provide useful and visually pleasing access graphs, showing relationships between machine and human identities and data assets."
✅ "Customers like the speediness of Orca Security's response to tech support cases..."
Our customer obsession continues to drive everything we build. Learn more about what this recognition means for cloud security teams: https://lnkd.in/g4dpDMK7
We forced GitHub to prompt-inject itself. It allowed us to control Copilot's responses and exfiltrate Codespaces' GITHUB_TOKEN secret. The end result was a repository takeover. This vulnerability is a type of Passive Prompt Injection, where malicious instructions are embedded in data, content, or environments that the model later processes automatically, without any direct interaction from the attacker. This represents a new class of AI-mediated supply chain attacks, one that every developer and security team needs to understand. Roi Nisimi breaks down the full attack chain in our latest research. 🔗: https://lnkd.in/gQfhDHbH
Some matches just work. That’s why we’re grateful for Amazon Web Services (AWS) — our perfect cloud security match. They deliver world-class infrastructure. We add unified visibility and intelligent insight. Together, we help organizations move faster and simplify security across AWS. Happy Valentine’s Day ❤️
🔒 Tired of security slowing down development? Orca MCP Server changes the game by bringing security expertise directly into your IDE, no context switching, no separate tools, just security where the code is written. In this blog, we explore how "shifting left" actually works when you eliminate friction:
✓ Security tickets? Fixed in minutes, not hours
✓ Infrastructure hardening? Systematic and automated
✓ Developer experience? Finally, it's seamless
Junninho Thomas shares how one simple prompt can replace an entire workflow: https://lnkd.in/g_Rak35x
Your old security playbook won't work in the AI era. AI doesn't just increase risk. It scales it exponentially. If engineers are moving faster than ever, your attack surface is growing orders of magnitude faster than your security team. In a new article, Orca CEO and Co-founder Gil Geron explores what CISOs actually need to do differently. It's not about buying more tools. It's about rebuilding visibility, architecting security into systems, and shifting from observation to action. Read the full breakdown on what it takes to stay relevant in the AI era ⤵️ https://lnkd.in/gmW9F_96
🚨 CRITICAL ALERT: Vulnerability Found in Local Path Provisioner A critical vulnerability (CVE-2025-62878, CVSS 10.0) was disclosed on February 4, 2026 affecting all versions of Rancher's Local Path Provisioner prior to v0.0.34, the default storage backend for every K3s cluster. The flaw allows authenticated attackers to read, write, and delete arbitrary directories on the underlying host filesystem by injecting traversal sequences into a StorageClass path template. How Orca can help: https://lnkd.in/g3rePHs8
We're proud to celebrate our very own John Tavares for being recognized as a 2026 #CRNChannelChief! This recognition highlights the channel leaders who prioritize partner success above all else, and that's exactly what drives everything we do. Here's to empowering partners with the cloud security tools they need to protect their customers. See the full list: https://lnkd.in/gf3n6kTK
As federal agencies accelerate AI adoption to meet the near-term actions outlined in America’s AI Action Plan, the attack surface expands and so do security challenges. On Feb 12 at 1pm ET, join us and Carahsoft for "Securing America's AI Action Plan: Cloud-Native Defense for Federal Multi-Cloud AI." You'll discover:
✓ How to maintain visibility across AWS, Azure, Google Cloud & Kubernetes
✓ Why agentless CNAPP is critical for multi-cloud defense
✓ Real strategies for government procurement and cloud security
Register here: https://lnkd.in/gGNUEvEZ