惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
IT之家
IT之家
Hugging Face - Blog
Hugging Face - Blog
Engineering at Meta
Engineering at Meta
爱范儿
爱范儿
博客园 - Franky
博客园 - 【当耐特】
MyScale Blog
MyScale Blog
雷峰网
雷峰网
月光博客
月光博客
云风的 BLOG
云风的 BLOG
博客园 - 司徒正美
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Proofpoint News Feed
The GitHub Blog
The GitHub Blog
N
Netflix TechBlog - Medium
WordPress大学
WordPress大学
罗磊的独立博客
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Y
Y Combinator Blog
Know Your Adversary
Know Your Adversary
宝玉的分享
宝玉的分享
L
Lohrmann on Cybersecurity
S
SegmentFault 最新的问题
L
LangChain Blog
K
Kaspersky official blog
P
Palo Alto Networks Blog
P
Privacy & Cybersecurity Law Blog
美团技术团队
Scott Helme
Scott Helme
B
Blog RSS Feed
T
Threat Research - Cisco Blogs
博客园_首页
L
LINUX DO - 热门话题
腾讯CDC
C
CERT Recently Published Vulnerability Notes
A
About on SuperTechFans
博客园 - 三生石上(FineUI控件)
J
Java Code Geeks
V
V2EX
Martin Fowler
Martin Fowler
T
The Exploit Database - CXSecurity.com
人人都是产品经理
人人都是产品经理
MongoDB | Blog
MongoDB | Blog
Latest news
Latest news
S
Schneier on Security
AWS News Blog
AWS News Blog

Blog | Orca Security

Langflow RCE Actively Exploited to Deploy Cryptominers on AI Infrastructure Orca MCP: When Text Stops Scaling Kubernetes Compliance Tools: Automating CIS Benchmarks Risk-Based Vulnerability Management for the Cloud: A 2026 Guide Private Cloud Security: Top Risks and Best Practices (2026) What Is Generative AI in Cybersecurity? Best Vulnerability Management Tools and Software in 2026 2026 State of Application Security Report Recap: What the Data Says and What Security Teams Should Do About It AI Security for Sensitive Data: Best Practices and Guidelines Best AI Code Security Solutions 2026: How to Secure AI-Generated Code From Platform to Program: How to Ensure Your Cloud Security Solution Delivers Best AI Cybersecurity Providers 2026: A Buyer's Guide to AI-Powered Security Platforms Join Orca Security at Black Hat USA 2026 CNAPP Tools That Reduce Security Tool Sprawl: CNAPP vs. Dedicated Solutions What Is Container Runtime Security? A Practical Guide 2026 What Is Application Security Testing? Tools and Types What Is Managed Cloud Security? A Practical Guide What Is SaaS Security Posture Management? SSPM Guide Top 10 Cloud Security Standards for Compliance What is the MIT License? Compliance and Comparisons AI Agents vs. Agentless Security vs. Agent-based Security 144 Mastra npm Packages Compromised via Supply Chain Attack The Complete Guide to LLM Security: Risks, Best Practices, and Solutions Cloud Security LIVE 2026: Top 10 Takeaways Practitioners Can Use Now Cloud Security LIVE 2026: Top 10 Takeaways CISOs Can Use Now (and What to Do Next) How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers All Running Vulnerable Code What to Look for in Container Security Tools Cloud Application Security Best Practices for DevSecOps Cloud Security Tools: 10 Types Explained for Teams What Is NIST CSF? Framework 2.0 Explained 7 Open Source Incident Response Tools by Category Critical Langflow Path Traversal Flaw Exploited for Unauthenticated RCE Critical PhpSpreadsheet RCE Patch Bypass Puts Millions at Risk Critical Splunk Enterprise Vulnerabilities Allow Unauthenticated File Operations and Remote Code Execution 16 Best Open Source Application Security Tools 2026 What Is Containerization? Security and Best Practices 8 Container Security Best Practices for 2026 Close the Cloud Identity Gap with Orca and AWS IAM Access Analyzer The 5-Step Context-Aware Cloud Vulnerability Prioritization Framework Critical Jupyter Enterprise Gateway Vulnerabilities Enable Full Kubernetes Cluster Takeover AI Security Best Practices for Regulated Industries Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks SAST vs SCA: Key Differences for AppSec Teams What Is Cloud Security Architecture? Principles, Layers, and Frameworks What Is ASPM? A Guide to Application Security Posture Management What Is SaaS Security? A Practical Guide 2026 What Is a Man-in-the-Middle Attack? A Cloud Security Guide What Is Open Policy Agent? Best Practices and Use Cases 11 Best Open-Source DevSecOps Tools for 2026 How to Secure AI Workloads in Multi-Cloud Environments: A Complete Framework Critical WordPress Plugin Vulnerability Allows Unauthenticated Admin Takeover on 150K Sites What Is Kubernetes as a Service? KaaS Explained Critical Netlogon RCE Flaw Actively Exploited Against Windows Domain Controllers Your FedRAMP Continuous Monitoring Strategy Has a Gap. We Built Something to Fix It. How to Simplify Multi-Cloud Compliance Reporting: The 2026 Checklist Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts Securing Shadow AI: How to Detect Unapproved LLMs in Your Cloud Data Security Posture Management (DSPM) for AI Gitea Container Registry Exposes Private Images to Unauthenticated Attackers Critical Unauthenticated RCE in Kopia Backup via SSH ProxyCommand Injection Best Palo Alto Networks Cortex (Prisma Cloud) Alternatives in 2026 7 Enterprise AI Security Risks to Manage Critical Pre-Auth RCE in ChromaDB Threatens AI Infrastructure Critical Coder Signature Bypass Exposes Developer Keys and Tokens New “PoolSlip” NGINX Exploit Revives Unpatched Remote Code Execution Risk Critical Drupal SQL Injection Exposes PostgreSQL-Backed Sites to Remote Code Execution AI Security Tools: How to Evaluate Them Across Every ML Attack Phase Massive npm Supply Chain Attack Compromises AntV Ecosystem, Steals CI/CD Secrets at Scale NIST AI Risk Management Framework (AI RMF) Explained: What It Is and How Organizations Use It The AI Data You Forgot to Lock: How Exposed Vector Databases Put Organizations at Risk GenAI Risks in Cloud Environments: What Security Teams Are Actually Missing in 2026 What Is Multi-Cloud Security? What Is Cloud Detection and Response (CDR)? Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated DoS and Potential RCE Announcing Cloud Security Agent Skills for Orca’s MCP Server TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace What Is an Incident Response Plan? What Is Cloud Data Security? Risks, Challenges, and 12 Best Practices Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854) Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431) Xinference PyPI package compromise leads to full environment takeover What is Application Security? When AI Accelerates the Offense, Coverage Gaps Become Catastrophic Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789) Streamline Compliance Reporting with Orca and Drata’s Integrated Vulnerability Management CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server 2026 State of AppSec: When Development Velocity Outpaces Security AI Is Entering Your Infrastructure. Now what? Orca Security Featured in SACR’s 2026 Unified Agentic Defense Platforms Report Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account Credential‑Stealing Malware in LiteLLM Supply Chain Attack Mission Accomplished: Orchestrate Your Remediation Strategy With Orca Missions The Orca Approach to Runtime AI Security
Navigating Cloud Security in 2026: Join Cloud Security LIVE
Jake Kramber · 2026-04-14 · via Blog | Orca Security

In today’s cloud environments, security leaders aren’t just defending systems. They’re navigating constant change.

AI is accelerating development. Cloud ecosystems are more interconnected than ever. And attackers are evolving just as quickly, exploiting identities, supply chains, and automation to move faster than traditional defenses can keep up.

It’s no longer enough to simply “secure the cloud.” The challenge now is knowing where to focus, how to communicate risk, and how to operate with confidence at speed.

That’s the backdrop for Cloud Security LIVE 2026, Orca Security’s virtual summit, bringing together security leaders and practitioners to share how they’re navigating this new reality. Sign up for this free virtual event (May 12, 2026 | 8:30–11:30 AM PT) and hear directly from the practitioners shaping modern cloud security. You’ll learn how they are building trust, improving resilience, securing AI, and managing risk beyond direct control. Read below to see what to expect from the event and save your seat.

Keynote – Trust by Design: Leading a Cultural & Technical Rebirth in the Age of AI

Security leaders today are expected to do more than reduce risk. They are expected to build trust across the organization.

In this keynote, Erika Voss, CISO at Blue Yonder, draws from her experience helping her organization navigate and recover from two real-world security incidents. She will share how teams can stabilize quickly, rebuild trust, and move forward with clarity.

This session focuses on how to translate technical progress into business context, communicate effectively with executives and boards, and navigate the turbulence that comes with modern cloud environments. You’ll also hear how resetting culture, focusing on the right priorities, and building trust after incidents can create momentum for long-term transformation.

Speakers:

  • Erika Voss, CISO, Blue Yonder
  • Intro by Ashish Rajan, CISO at Kaizenteq & Host of Cloud Security Podcast

Key topics:

  • Aligning security initiatives with business priorities
  • Communicating risk and progress clearly to executives and boards
  • Building trust as a foundational element of modern security programs
  • Rebuilding trust and resetting culture after security incidents
  • Leading teams through incidents and driving recovery at scale

Session #1 – AI on Both Sides: Securing and Running AI in the Cloud

AI is fundamentally changing both how organizations build and how they defend.

This session brings together experts from Orca Security, Zscaler, and the Cloud Security Alliance to explore how organizations can secure AI systems while also using AI to strengthen security operations.

The conversation focuses on the dual challenge of managing new AI-driven risks while leveraging AI to improve visibility, detection, and response.

Speakers:

  • Gil Geron, CEO & Co-Founder, Orca Security
  • Brian Gatta, GVP, Specialty Sales, Zscaler
  • Jim Reavis, CEO, Cloud Security Alliance

Key topics:

  • Securing AI models, training data, and inference pipelines
  • Managing risks introduced by AI-driven development and integrations
  • Using AI to improve detection, prioritization, and response
  • Building toward adaptive, AI-driven security operations

Session #2 – Beyond the Perimeter: Mastering Third-Party & Software Risk

Modern cloud environments extend far beyond the infrastructure you own.

In this session, experts from Orca Security and Chainguard explore how organizations can strengthen visibility and control across third-party ecosystems, including software supply chains, open source dependencies, and SaaS integrations.

The focus is on building resilience across interconnected environments without slowing development.

Speakers:

  • Gus Evangelakos, VP of Global Sales Engineering, Orca Security
  • Mike Behrmann, Director of Cyber Resiliency, Chainguard
  • Alex Burrage, Director of Product Security, Chainguard

Key topics:

  • Managing risk across third-party vendors, APIs, and SaaS integrations
  • Securing software supply chains and open-source dependencies at scale
  • Applying continuous monitoring and automated validation to vendor risk
  • Preparing for AI-driven supply chain security and continuous trust models

Session #3 – Leadership Panel: Real-World Decisions on AI and Cloud Risk

Security leaders are navigating increasing complexity, balancing innovation with risk while being asked to demonstrate clear outcomes across the business.

In this panel, leaders from Autodesk and a global insurance provider will share how they are driving change, preparing for AI-driven security operations, and making security outcomes visible across their organizations. The discussion will focus on how leaders make real-world decisions on AI adoption, separate signal from noise, and communicate meaningful outcomes in complex environments.

Speakers:

  • Tumraj Gill, Head of Security Architecture and Engineering, Global Speciality Lines Insurance Provider
  • George Erhorn, Director of Security Engineering, Autodesk
  • Moderator: Ashish Rajan, CISO at Kaizenteq & Host of Cloud Security Podcast

Key topics:

  • Making real-world decisions on AI adoption, including when to say yes and when to say no
  • Separating meaningful risk signals from noise in cloud and AI environments
  • Communicating security outcomes clearly to executives and boards
  • Balancing innovation with control without slowing the business

Session #4 – From “Zero Breach” to “Zero Impact”: Rethinking Resilience

For years, the industry has chased the goal of “zero breach.” In 2026, that mindset is breaking down.

In this session, Ariel Parnes (Mitiga) and Tim Chase (Orca Security) introduce the concept of “Zero Impact” resilience, a model that assumes compromise but prioritizes stopping real damage.

The discussion explores why traditional incident response is too slow for modern threats and how organizations can move toward forensic readiness, faster investigation, and more effective containment.

Speakers:

  • Ariel Parnes, Co-Founder & COO, Mitiga
  • Tim Chase, Field CISO & Director of Product Marketing, Orca Security

Key topics:

  • Closing the forensic data gap to enable immediate investigation
  • Using agentic AI to shift from reactive response to proactive threat hunting
  • Reframing security success around business impact, not just prevention
  • A practical framework for achieving “zero impact” resilience

Save your spot for Orca’s Cloud Security LIVE 2026

Whether you’re a CISO, security practitioner, DevOps engineer, or developer, save your seat now for Cloud Security LIVE 2026 on May 12 from 8:30 to 11:30 AM PT.

Tune in to hear from leaders, experts, and practitioners on how they are securing cloud, applications, and AI in today’s environments.

Register for the virtual summit. US-based attendees will also have a chance to win an 64GB Beelink AI PC.