.avif)
Vulnerabilities & Threats
Shai Hulud Attacks Persist Through GitHub Actions Vulnerabilities
Shai Hulud threat actors are leveraging GitHub Actions vulnerabilities in an ongoing exploitation campaign. Discover the impact and recommended security measures.
Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised
The threat actor behind “Shai Hulud 2.0” launched a new malware campaign compromising the supply chain of Zapier, ENS Domains and more — exposing secrets, injecting malicious code, and enabling widespread developer-environment takeover.
.png)
A deeper look into the threat actor behind the react-native-aria attack
We investigate the activity of the threat actor that compromised react-native-aria packages on npm, and how they are evolving their attacks.
Malicious crypto-theft package targets Web3 developers in North Korean operation
Aikido Security uncovers a North Korean-linked supply chain attack using the fake npm package web3-wrapper-ethers to steal private keys from Web3 developers. Linked to Void Dokkaebi, the threat actor mirrors past DPRK crypto theft operations. Learn how the attack worked and what to do if you're affected.
Active NPM Attack Escalates: 16 React Native Packages for GlueStack Backdoored Overnight
A sophisticated supply chain attack is actively compromising packages related to react-native-aria on NPM, deploying a stealthy Remote Access Trojan (RAT) hidden through obfuscation and spreading across modules with over a million weekly downloads.
You're Invited: Delivering malware via Google Calendar invites and PUAs
Threat actor used malicious Google Invites and hidden Unicode “Private Use Access” characters (PUAs) to brilliantly obfuscate and hide a malicious NPM package.
RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)
RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)
A Guide to Container Privilege Escalation Vulnerabilities
Learn how container privilege escalation vulnerabilities work, the risks they pose, and steps to prevent attackers from gaining unauthorized access.
XRP supply chain attack: Official NPM package infected with crypto stealing backdoor
The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.
The malware dating guide: Understanding the types of malware on NPM
A breakdown of real-world malicious npm packages and the techniques they use to exploit the JavaScript supply chain.
Top 9 Docker Container Security Vulnerabilities
Discover the top Docker container security vulnerabilities, their risks, and best practices to secure your applications against modern container threats
Hide and Fail: Obfuscated Malware, Empty Payloads, and npm Shenanigans
Investigating a failed npm malware campaign using time-delayed payloads, obfuscation tricks, and reused dependencies.
Customer Stories
See how teams like yours are using Aikido to simplify security and ship with confidence.
Compliance
Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.
Guides & Best Practices
Actionable tips, security workflows, and how-to guides to help you ship safer code faster.
DevSec Tools & Comparisons
Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.
Get secure for free
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.
.avif)
