Orca is unaffected by the vulnerability.
A critical security vulnerability (CVE-2025-30065) has been identified in the parquet-avro module of Apache Parquet's Java library. Applications and services utilizing Apache Parquet Java library versions 1.15.0 and earlier, including those reading or importing Parquet files from external or untrusted sources through big-data frameworks (e.g., Hadoop, Spark, Flink) or custom applications incorporating the Parquet Java code, are potentially vulnerable.
Regarding the recent Oracle Cloud breach, we want to assure you that Orca Security's security team has taken immediate and comprehensive action to protect our systems and data. Although Orca Security is listed among Oracle's tenants, we promptly investigated the incident and implemented all recommended remediation steps provided by the vendor.
Preventative Actions Taken:
- We have rotated all relevant passwords, tokens, and secrets to ensure the security of our systems.
- Our team thoroughly reviewed logs and activities to identify any potential issues and confirm that no unauthorized access occurred.
If you are an Orca customer affected by this breach, we encourage you to review our detailed analysis and guidance on the Oracle Cloud breach, available on our blog: https://orca.security/resources/blog/oracle-cloud-breach-exploiting-cve-2021-35587/. Additionally, you can utilize the Orca Platform to investigate and remediate any potential impacts.
We remain committed to maintaining the highest standards of security and transparency. If you have any questions or concerns, please do not hesitate to reach out to our compliance team or your AE.
Thank you for your trust in Orca Security.
We are aware of the ongoing CrowdStrike outage and want to reassure our customers that Orca remains unaffected. Our security measures and protocols continue to operate without interruption, ensuring that your data remains secure.
We are aware of recent reports related to a potential compromise of certain Snowflake accounts. Orca remains unaffected; no Snowflake accounts managed by Orca were targeted or compromised in this incident. Snowflake has also confirmed to us that they have no indicators of compromise for any of our accounts. We also continued with further due diligence to ensure our data security.
Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)
Our company remains unaffected by the CVE-2024-3094 vulnerability. A malicious backdoor has been discovered in the XZ Utils package, a popular data compression library used in major Linux distributions, affecting XZ Utils versions 5.6.0 and 5.6.1. The vulnerability could allow an attacker to gain unauthorized access to the system and is being tracked as CVE-2024-3094 with a CVSS score of 10, the highest possible score.
Sincerely, Orca Security team.