惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
Help Net Security
Help Net Security
P
Privacy International News Feed
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tor Project blog
AWS News Blog
AWS News Blog
K
Kaspersky official blog
A
Arctic Wolf
Latest news
Latest news
T
Threat Research - Cisco Blogs
L
LINUX DO - 最新话题
P
Privacy & Cybersecurity Law Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
Google DeepMind News
Google DeepMind News
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
月光博客
月光博客
N
News and Events Feed by Topic
Jina AI
Jina AI
博客园 - 司徒正美
WordPress大学
WordPress大学
罗磊的独立博客
雷峰网
雷峰网
AI
AI
Hugging Face - Blog
Hugging Face - Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
S
Security @ Cisco Blogs
博客园 - 三生石上(FineUI控件)
H
Heimdal Security Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
酷 壳 – CoolShell
酷 壳 – CoolShell
C
Cisco Blogs
博客园 - 【当耐特】
The Hacker News
The Hacker News
有赞技术团队
有赞技术团队
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Schneier on Security
Schneier on Security
博客园 - Franky
S
SegmentFault 最新的问题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Cloudbric
Cloudbric
爱范儿
爱范儿
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Secure Thoughts
Last Week in AI
Last Week in AI
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Know Your Adversary
Know Your Adversary
Google DeepMind News
Google DeepMind News

Blog | Orca Security

Langflow RCE Actively Exploited to Deploy Cryptominers on AI Infrastructure Orca MCP: When Text Stops Scaling Kubernetes Compliance Tools: Automating CIS Benchmarks Risk-Based Vulnerability Management for the Cloud: A 2026 Guide Private Cloud Security: Top Risks and Best Practices (2026) What Is Generative AI in Cybersecurity? Best Vulnerability Management Tools and Software in 2026 2026 State of Application Security Report Recap: What the Data Says and What Security Teams Should Do About It AI Security for Sensitive Data: Best Practices and Guidelines Best AI Code Security Solutions 2026: How to Secure AI-Generated Code From Platform to Program: How to Ensure Your Cloud Security Solution Delivers Best AI Cybersecurity Providers 2026: A Buyer's Guide to AI-Powered Security Platforms Join Orca Security at Black Hat USA 2026 CNAPP Tools That Reduce Security Tool Sprawl: CNAPP vs. Dedicated Solutions What Is Container Runtime Security? A Practical Guide 2026 What Is Application Security Testing? Tools and Types What Is Managed Cloud Security? A Practical Guide What Is SaaS Security Posture Management? SSPM Guide Top 10 Cloud Security Standards for Compliance What is the MIT License? Compliance and Comparisons AI Agents vs. Agentless Security vs. Agent-based Security 144 Mastra npm Packages Compromised via Supply Chain Attack The Complete Guide to LLM Security: Risks, Best Practices, and Solutions Cloud Security LIVE 2026: Top 10 Takeaways Practitioners Can Use Now Cloud Security LIVE 2026: Top 10 Takeaways CISOs Can Use Now (and What to Do Next) How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers All Running Vulnerable Code What to Look for in Container Security Tools Cloud Application Security Best Practices for DevSecOps Cloud Security Tools: 10 Types Explained for Teams What Is NIST CSF? Framework 2.0 Explained 7 Open Source Incident Response Tools by Category Critical Langflow Path Traversal Flaw Exploited for Unauthenticated RCE Critical PhpSpreadsheet RCE Patch Bypass Puts Millions at Risk Critical Splunk Enterprise Vulnerabilities Allow Unauthenticated File Operations and Remote Code Execution 16 Best Open Source Application Security Tools 2026 What Is Containerization? Security and Best Practices 8 Container Security Best Practices for 2026 Close the Cloud Identity Gap with Orca and AWS IAM Access Analyzer The 5-Step Context-Aware Cloud Vulnerability Prioritization Framework Critical Jupyter Enterprise Gateway Vulnerabilities Enable Full Kubernetes Cluster Takeover AI Security Best Practices for Regulated Industries Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks SAST vs SCA: Key Differences for AppSec Teams What Is Cloud Security Architecture? Principles, Layers, and Frameworks What Is ASPM? A Guide to Application Security Posture Management What Is SaaS Security? A Practical Guide 2026 What Is a Man-in-the-Middle Attack? A Cloud Security Guide What Is Open Policy Agent? Best Practices and Use Cases 11 Best Open-Source DevSecOps Tools for 2026 How to Secure AI Workloads in Multi-Cloud Environments: A Complete Framework Critical WordPress Plugin Vulnerability Allows Unauthenticated Admin Takeover on 150K Sites What Is Kubernetes as a Service? KaaS Explained Critical Netlogon RCE Flaw Actively Exploited Against Windows Domain Controllers Your FedRAMP Continuous Monitoring Strategy Has a Gap. We Built Something to Fix It. How to Simplify Multi-Cloud Compliance Reporting: The 2026 Checklist Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts Securing Shadow AI: How to Detect Unapproved LLMs in Your Cloud Data Security Posture Management (DSPM) for AI Gitea Container Registry Exposes Private Images to Unauthenticated Attackers Critical Unauthenticated RCE in Kopia Backup via SSH ProxyCommand Injection Best Palo Alto Networks Cortex (Prisma Cloud) Alternatives in 2026 7 Enterprise AI Security Risks to Manage Critical Pre-Auth RCE in ChromaDB Threatens AI Infrastructure Critical Coder Signature Bypass Exposes Developer Keys and Tokens New “PoolSlip” NGINX Exploit Revives Unpatched Remote Code Execution Risk Critical Drupal SQL Injection Exposes PostgreSQL-Backed Sites to Remote Code Execution AI Security Tools: How to Evaluate Them Across Every ML Attack Phase Massive npm Supply Chain Attack Compromises AntV Ecosystem, Steals CI/CD Secrets at Scale NIST AI Risk Management Framework (AI RMF) Explained: What It Is and How Organizations Use It The AI Data You Forgot to Lock: How Exposed Vector Databases Put Organizations at Risk GenAI Risks in Cloud Environments: What Security Teams Are Actually Missing in 2026 What Is Multi-Cloud Security? What Is Cloud Detection and Response (CDR)? Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated DoS and Potential RCE Announcing Cloud Security Agent Skills for Orca’s MCP Server TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace What Is an Incident Response Plan? What Is Cloud Data Security? Risks, Challenges, and 12 Best Practices Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854) Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431) Xinference PyPI package compromise leads to full environment takeover What is Application Security? When AI Accelerates the Offense, Coverage Gaps Become Catastrophic Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook Navigating Cloud Security in 2026: Join Cloud Security LIVE Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789) CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server 2026 State of AppSec: When Development Velocity Outpaces Security AI Is Entering Your Infrastructure. Now what? Orca Security Featured in SACR’s 2026 Unified Agentic Defense Platforms Report Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account Credential‑Stealing Malware in LiteLLM Supply Chain Attack Mission Accomplished: Orchestrate Your Remediation Strategy With Orca Missions The Orca Approach to Runtime AI Security
Streamline Compliance Reporting with Orca and Drata’s Integrated Vulnerability Management
2026-04-09 · via Blog | Orca Security

We are excited to announce Orca now integrates with Drata, an Agentic Trust Management Platform, to offer comprehensive vulnerability assessments to identify compliance risks across your digital estate. Orca’s integration empowers Drata with Vulnerability Management findings from your Orca Security platform. The combination of Orca’s deep technical telemetry with Drata’s governance framework ensures cloud assets are discovered, monitored, and satisfy compliance requirements.

In today’s cloud-centric reality, reactive remediation is not enough for security teams to address the two-front war of unknown and dangerously known exploits that leave your organization vulnerable to threat actors. Since its creation in 2021, CISA’s catalog of Known Exploited Vulnerabilities (KEV) has jumped from 287 to over 1,500 in less than 5 years. Security teams simply do not have the ability to be everywhere all at once and need the right solution to aid the discovery, enumeration, and reporting of compliance gaps. 

How the Drata Integration Automates Your Vulnerability Surface Monitoring

Closing these gaps requires an integrated system where Compliance Management and Vulnerability Management act as the strategy and the engine of your defense. This partnership ensures that the risk-reduction workflow is established and governed by a plan that aligns security actions with organizational objectives. This plan can then be operationalized through the deployment of Vulnerability Scanning–an automated technique used to proactively identify cloud-native assets, ephemeral infrastructure, and associated vulnerabilities. 

Screenshot of the SOCPilot platform's 'Available Connections' page showing an integration card for Orca Security under the 'Vulnerability' category.
Orca now integrates to ingest vulnerability scanning findings directly into Drata

The integration of Orca’s Vulnerability Management and scanning capabilities with Drata’s Compliance Management automation transforms mandatory regulatory compliance into a repeatable, audit-ready cycle of risk reduction. By connecting with Orca, you easily and automatically satisfy automated vulnerability monitoring test requirements within Drata. To get started, search for Orca Security in Drata under Available Connections.

Mapping Findings to Evidence via the Orca and Drata Integration

Configuration screen for the Orca Security integration in Drata, featuring vulnerability severity filters and an active date selection menu.
Administrators set the minimum severity level for vulnerabilities to be included and to specify the starting date for data retrieval

Once you have connected and configured your vulnerability severity scope, Drata automatically maps evidence from Orca’s vulnerability data to the Drata Control Framework (DCF). The DCF is Drata’s centralized, proprietary set of controls to address scanning requirements across common industry regulations, standards, and frameworks (such as SOC 2, ISO 27001, and PCI DSS).

Screenshot of the Drata platform's Orca Security integration modal, requiring an API Token and Region to establish the connection.

Drata periodically pulls vulnerability data from Orca to verify that scans are being performed according to your internal policies. Thus eliminating the need for screenshots of scan reports by streamlining compliance reporting with automated evidence collection.

Drata monitoring dashboard filtered for Orca Security tests, displaying a 42% passage rate across production infrastructure.
Automated vulnerability test statuses are set to Active after connecting to Orca
Drata Vulnerabilities dashboard with the Orca Security integration selected, showing a list of active CVEs and their respective SLA due dates.
Centralize vulnerability findings by connecting various scanning tools for a unified view

By integrating Orca with Drata, security findings automatically map to your organization’s compliance strategy, making it easier than ever to identify compliance gaps, gather the necessary evidence to take remediation action, and ensure full audit readiness.

Next Steps: Scale Your Compliance Program with Orca + DrataLearn more 

Interested in discovering the benefits of the Orca Platform and how it can be integrated with tools like Drata? Schedule a personalized 1:1 demo, and we’ll show how you can use Orca to identify, prioritize, and remediate risks in your cloud environment. If you already use both Orca and Drata, follow the steps in the documentation to set up the integration.

Command Your Cloud With Orca

Orca offers a unified and comprehensive cloud security platform that identifies, prioritizes, and remediates security risks and compliance issues across AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, Tencent Cloud and Kubernetes. The Orca Cloud Security Platform leverages Orca’s patented SideScanning™ technology to provide complete coverage and comprehensive risk detection.