.avif)
Vulnerabilities & Threats
Shai Hulud Attacks Persist Through GitHub Actions Vulnerabilities
Shai Hulud threat actors are leveraging GitHub Actions vulnerabilities in an ongoing exploitation campaign. Discover the impact and recommended security measures.
Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised
The threat actor behind “Shai Hulud 2.0” launched a new malware campaign compromising the supply chain of Zapier, ENS Domains and more — exposing secrets, injecting malicious code, and enabling widespread developer-environment takeover.
.png)
Shai Hulud Attacks Persist Through GitHub Actions Vulnerabilities
Shai Hulud threat actors are leveraging GitHub Actions vulnerabilities in an ongoing exploitation campaign. Discover the impact and recommended security measures.
Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised
The threat actor behind “Shai Hulud 2.0” launched a new malware campaign compromising the supply chain of Zapier, ENS Domains and more — exposing secrets, injecting malicious code, and enabling widespread developer-environment takeover.
Invisible Unicode Malware Strikes OpenVSX, Again
Another wave of Open VSX extensions were compromised today.
The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties
Threat actors are using Unprintable Unicode Characters to
Bugs in Shai-Hulud: Debugging the Desert
The Shai Hulud worm had some bugs of its own, and required patching by the attackers. We also look at a timeline of events, to see how it unfolded.
S1ngularity/nx attackers strike again
The attackers behind the nx attack have struck again, targeting a large amount of packages, with a first-of-its-kind worm payload.
We Got Lucky: The Supply Chain Disaster That Almost Happened
Eighteen widely used open source packages were compromised, downloaded billions of times and embedded across nearly every cloud environment. The community dodged a bullet. But this close call shows just how fragile our software supply chain really is.
duckdb npm packages compromised
The popular package duckdb was compromised by same attackers that hit debug and chalk
npm debug and chalk packages compromised
The popular packages debug and chalk on npm have been compromised with malicious code
Without a Dependency Graph Across Code, Containers, and Cloud, You’re Blind to Real Vulnerabilities
Stop drowning in CVEs. Without a dependency graph across code, containers, and cloud, you’ll miss real vulnerabilities and chase false positives
Popular nx packages compromised on npm
The popular nx package on npm was compromised, and stolen data was published on GitHub publicly
WTF is Vibe Coding Security? Risks, Examples, and How to Stay Safe
Vibe coding is the new AI coding trend where anyone can spin up an app in hours. But from Replit’s database wipe to exposed tea apps, the risks are real. Learn what vibe coding security means, the difference from agentic coding, and how CISOs can keep the vibes without the vulnerabilities.
Customer Stories
See how teams like yours are using Aikido to simplify security and ship with confidence.
Compliance
Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.
Guides & Best Practices
Actionable tips, security workflows, and how-to guides to help you ship safer code faster.
DevSec Tools & Comparisons
Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.
Get secure for free
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.
.avif)
