Cloud Security Research & Threat Intelligence

Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks

A coordinated supply chain attack targeting PyPI has compromised 26 packages (37 malicious wheel files) across bioinformatics, graph ML, deep-learning, and developer tooling ecosystems. Dubbed the “Hades Campaign” and attributed to the Miasma/Shai-Hulud threat lineage, the attack exploits a legitimate Python feature to execute malicious code at interpreter startup, aggressively harvesting cloud credentials and exfiltrating …

June 08, 2026
By The Orca Research Pod

Latest

All Latest

Explore

Discovered Vulnerabilities

Cyber-themed illustration of a Linux SMB3 server with a broken padlock, symbolizing a missing lock vulnerability in ksmbd.

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Overview The Orca Security Research Pod discovered a use-after-free race condition in the Linux kernel’s ksmbd SMB3 server. When two connections share a session over SMB3 multichannel, the kernel can read a freed channel struct – exposing the per-channel AES-128-CMAC signing key and causing a kernel panic. An attacker needs valid SMB credentials and network …

April 08, 2026
By Igor Stepansky

A stylized graphic of a pickle smashing into a pipeline

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

March 11, 2026

Stylized 3D visualization of an active cybersecurity exploit featuring glowing red computer code fragments and a central target aperture.

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

February 23, 2026

A stylized graphic of ominous clouds with a digitized skull on top

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

February 16, 2026

A stylized graphic of a distorted pull request from GitHub on top of ominous clouds

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

February 04, 2026

All Discovered Vulnerabilities

In the News

All In the News

2026 State of Application Security Report: When Development Velocity Outpaces Security

Get the Report

Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks

Latest

Critical WordPress Plugin Vulnerability Allows Unauthenticated Admin Takeover on 150K Sites

Critical Netlogon RCE Flaw Actively Exploited Against Windows Domain Controllers

Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm

Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts

Explore

Discovered Vulnerabilities

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

‘Orca Watch’ Series

Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks

Critical WordPress Plugin Vulnerability Allows Unauthenticated Admin Takeover on 150K Sites

Critical Netlogon RCE Flaw Actively Exploited Against Windows Domain Controllers

Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm

Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts

Technical Deep Dives

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Thought Leadership

Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook

Navigating Cloud Security in 2026: Join Cloud Security LIVE

Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production

AI Is Entering Your Infrastructure. Now what?

Beyond the Sticker Price: Understanding the True Cost of Your Security Tools

In the News

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2026 State of Application Security Report: When Development Velocity Outpaces Security

Featured

Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks

Latest

Critical WordPress Plugin Vulnerability Allows Unauthenticated Admin Takeover on 150K Sites

Critical Netlogon RCE Flaw Actively Exploited Against Windows Domain Controllers

Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm

Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts

Discovered Vulnerabilities

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

RoguePilot: Exploiting GitHub Copilot for a Repository Takeover

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

‘Orca Watch’ Series

Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks

Critical WordPress Plugin Vulnerability Allows Unauthenticated Admin Takeover on 150K Sites

Critical Netlogon RCE Flaw Actively Exploited Against Windows Domain Controllers

Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm

Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts

Technical Deep Dives

CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server

Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Thought Leadership

Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook

Navigating Cloud Security in 2026: Join Cloud Security LIVE

Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production

AI Is Entering Your Infrastructure. Now what?

Beyond the Sticker Price: Understanding the True Cost of Your Security Tools

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2026 State of Application Security Report: When Development Velocity Outpaces Security