.avif)
Vulnerabilities & Threats
.png)
npm debug and chalk packages compromised
The popular packages debug and chalk on npm have been compromised with malicious code
The malware dating guide: Understanding the types of malware on NPM
A breakdown of real-world malicious npm packages and the techniques they use to exploit the JavaScript supply chain.
Hide and Fail: Obfuscated Malware, Empty Payloads, and npm Shenanigans
Investigating a failed npm malware campaign using time-delayed payloads, obfuscation tricks, and reused dependencies.
Malware hiding in plain sight: Spying on North Korean Hackers
When a malicious NPMjs package was uploaded, we didn't expect we would be watching the North Korean Lazarus group debug it in real time. But we did/
Get the TL;DR: tj-actions/changed-files Supply Chain Attack
Let’s get into the tj-actions/changed-files supply chain attack, what you should do, what happened, and more information.
Prisma and PostgreSQL vulnerable to NoSQL injection? A surprising security risk explained
Discover how Prisma ORM and PostgreSQL can be vulnerable to operator injection, a form of NoSQL injection. Learn how attackers exploit this risk and get practical tips to secure your JavaScript applications with input validation and safe query practices.
Command injection in 2024 unpacked
Command injection continues to be a significant vulnerability in applications. This report reviews how many injection vulnerabilities are found in closed and open-source projects throughout 2024
Path Traversal in 2024 - The year unpacked
This report looks at how prominant path traversal is in 2024 by analysing how many vulnerabilities involving path traversal were discovered in open-source and closed-source projects.
The State of SQL Injection
SQL injection also known as SQLi is one of the longest standing vulnerabilities still prominant today. This report reviews the trend of SQLi for 2024
110,000 sites affected by the Polyfill supply chain attack
A critical supply chain attack has compromised over 110,000 websites via cdn.polyfill.io—remove it immedaitely to protect user data and app integrity.
What is a CVE?
What is a CVE? Common vulnerabilities and exposures database inform devs and security teams about past threats. CVSS scores report the severity of a CVE.
Customer Stories
See how teams like yours are using Aikido to simplify security and ship with confidence.
Compliance
Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.
Guides & Best Practices
Actionable tips, security workflows, and how-to guides to help you ship safer code faster.
DevSec Tools & Comparisons
Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.
Get secure for free
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.
.avif)
