Orca Security

Orca Security

https://orca.security
https://www.linkedin.com/company/orca-security/

Orca Security is a privately owned company headquartered in the US, founded in 2019 and employing approximately 480 individuals. Its main product is in computer and network security. The company provides a platform that identifies, prioritizes, and remediates security risks and compliance issues across cloud estates spanning AWS, Azure, Google Cloud, and Kubernetes.

Revenue

Founded

2019

Headcount

478

Headquarters

US

Primary Segment

Computer and Network Security

Ownership

Privately Owned

News Summary:

On February 5, 2026, Orca Security reported that the automatic execution of VS Code-integrated configuration files when opening a repository or pull request in GitHub Codespaces could lead to supply chain attacks. The firm also uncovered attack vectors that enable remote code execution (RCE) through opening malicious repositories or pull requests, allowing for code execution, credential theft, and access to sensitive resources without explicit user approval. This follows Orca Research Pod's earlier disclosure on February 4, 2026, of these multiple attack vectors in GitHub Codespaces, which detailed how abusing VS Code-integrated configuration files could enable adversaries to execute arbitrary commands, exfiltrate GitHub tokens and secrets, and access premium Copilot models. Previously, on February 3, 2026, Orca integrated with Tencent Cloud, becoming the first third-party Cloud Native Application Protection Platform (CNAPP) to support agentless security assessments for Tencent Cloud workloads, enabling customers to identify, prioritize, and remediate risks across their environments.

Similar Companies

Subscribe for full access to Orca Security's profile

Orca Security offers products in the telecoms tech industry. Orca Security's product portfolio comprises of enterprise security.

Subscribe for full access to Orca Security's products in full detail

Subscribe for full access to Orca Security's revenue in full detail

Feb

11th

2026

08:20

Artificial Intelligence, B2B Tag

Getting Ready for the AI Era: A CISO’s Guide to AI Security Strategy

The AI Era Is a Scale Problem — And CISOs Can’t Solve It the Old Way Every major technology shift forces security teams to relearn the same lesson: Risk doesn’t grow linearly — it explodes. AI is no different, except for one thing that is fundamentally new: scale.

Feb

10th

2026

15:20

Episode 6: Getting started in tech evangelism

Introduction Welcome to The Job Security Podcast, where we explore the unique perspectives and stories of the people who make the cybersecurity industry what it is. This week, we’re diving into a role that’s often mysterious and difficult to break into: tech evangelism.

Feb

10th

2026

09:43

Path Traversal in Rancher Local Path Provisioner Enables Host Filesystem Compromise Across K3s Clusters

Introduction A critical vulnerability ( CVE-2025-62878 , CVSS 10.0) was disclosed on February 4, 2026 affecting all versions of Rancher’s Local Path Provisioner prior to v0.0.34 , the default storage backend for every K3s cluster. The flaw allows authenticated attackers to read, write, and delete arbitrary directories on the underlying host filesystem by injecting traversal sequences into a StorageClass path template.

Feb

10th

2026

08:20

Artificial Intelligence, B2B Tag

Shifting Left with Orca MCP: The Developer’s AI Security Partner

In Part 1 , we explored how the Orca MCP (Model Context Protocol) Server bridges the gap between AI and your security data, allowing analysts to perform deep security investigations using simple conversational prompts. But for security to truly scale, it needs to move upstream to where the code is written.

Feb

9th

2026

08:34

7 Best Container Image Security Platforms for 2026

Container image security is no longer a niche concern limited to DevSecOps teams. By 2026, it will have become a foundational element of cloud security architecture, directly influencing risk exposure, operational cost, and delivery velocity across engineering organizations.

Feb

5th

2026

15:54

Emerging Tech, B2B Tag

VS Code Configs Expose GitHub Codespaces to Attacks

VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request. The automatic execution of VS Code-integrated configuration files when opening a repository or pull request in GitHub Codespaces could lead to supply chain attacks, Orca Security reports.

Feb

5th

2026

09:00

Malicious Commands in GitHub Codespaces Enable RCE

A set of attack vectors in GitHub Codespaces have been uncovered that enable remote code execution (RCE) by opening a malicious repository or pull request. The findings by Orca Security, show how default behaviours in the cloud-based development service can be abused to execute code, steal credentials and access sensitive resources without explicit user approval.

Infosecurity Magazine

Feb

5th

2026

08:11

Procurement and Sales

VS Code Configs Expose GitHub Codespaces to Attacks

The automatic execution of VS Code-integrated configuration files when opening a repository or pull request in GitHub Codespaces could lead to supply chain attacks, Orca Security reports. A cloud-hosted developer environment, Codespaces allows users to create a fully configured Visual Studio Code instance almost instantly, providing them with tight repository integration and container support.

Feb

4th

2026

08:20

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

Executive Summary The Orca Research Pod has uncovered multiple attack vectors in GitHub Codespaces that allow remote code execution (RCE) simply by opening a malicious repository or pull request. By abusing VSCode-integrated configuration files that Codespaces automatically respects, an adversary can execute arbitrary commands, exfiltrate GitHub tokens and secrets, and even abuse hidden APIs to access premium Copilot models.

Feb

3rd

2026

12:13

First third-party CNAPP to integrate with Tencent Cloud: Orca expands multi-cloud security and compliance with dynamic risk prioritization baked in

Today, we’re excited to announce that Orca can be integrated with Tencent Cloud . This makes Orca the first third-party Cloud Native Application Protection Platform (CNAPP) to support agentless security assessments of Tencent Cloud workloads. Customers can rapidly deploy Orca to identify, prioritize, and remediate risks across their Tencent Cloud environments.

Feb

3rd

2026

11:43

Critical RCE in vLLM Allows Server Takeover via Malicious Video URL (CVE-2026-22778)

Introduction A critical vulnerability ( CVE-2026-22778 , CVSS 9.8) was disclosed on February 2, 2026, affecting vLLM , a widely-deployed Python library for serving large language models. The flaw allows unauthenticated attackers to achieve remote code execution by sending a specially crafted video URL to the API.

Feb

3rd

2026

09:00

Emerging Tech, B2B Tag

The Productivity Catalyst: How Context-Aware Security Unlocks Developer Velocity

In traditional DevOps models, security is often perceived as a “tax” on innovation. It is often seen as a necessary friction that slows down release cycles with endless lists of vulnerabilities. For the CTO, speed is currency.

Orca Security has partners like Lumen Technologies. Orca Security has suppliers like OpenAI.

Example Suppliers

Subscribe for full access to Orca Security's profile

Example Partners

Subscribe for full access to Orca Security's profile

Analyst insight reports

AV broadcast: learning from the best

Understanding personalisation and recommendation

New formats, new devices

IBC 2025 – an industry reinventing itself, slowly

Subscribe to access all analyst insight reports