Aikido
Start for Free
No CC required

Welcome to our blog.

Featured
June 7, 2025

Active NPM Attack Escalates: 16 React Native Packages for GlueStack Backdoored Overnight

A sophisticated supply chain attack is actively compromising packages related to react-native-aria on NPM, deploying a stealthy Remote Access Trojan (RAT) hidden through obfuscation and spreading across modules with over a million weekly downloads.

Tags/

Malware,

Vulnerabilities,

June 3, 2025

Zero day attack prevention for NodeJS with Aikido Zen

Assessing Aikido Security's new feature Zen for NodeJS with a focus on zero day attacks

Tags/

RASP,

SQL Injections,

May 26, 2025

Introducing Aikido AI Cloud Search

Search your cloud like a database. Gain instant visibility into your cloud environment with Aikido Cloud Search. Whether you want to identify exposed databases, vulnerable virtual machines, or over-permissive IAM roles — Aikido gives you the power to uncover risk in seconds.

Tags/

Cloud,

May 19, 2025

Vibe Check: The vibe coder’s security checklist

A complete security checklist for AI generated code

Tags/

AI,

Vibe Coding,

March 31, 2025

Malware hiding in plain sight: Spying on North Korean Hackers

When a malicious NPMjs package was uploaded, we didn't expect we would be watching the North Korean Lazarus group debug it in real time. But we did/

Tags/

Malware,

Subscribe to our changelog.
No spam, guaranteed.

Guides & Best Practices

Actionable tips, security workflows, and how-to guides to help you ship safer code faster.

See all

DevSec Tools & Comparisons

Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.

See all

Vulnerabilities & Threats

Cut through the noise with real-world CVE breakdowns, malware analysis, exploits, and emerging risks.

See all

Product & Company Updates

What’s new at Aikido—from product launches to big security wins.

See all
Product & Company Updates
See all
See all
June 3, 2025

Zero day attack prevention for NodeJS with Aikido Zen

Assessing Aikido Security's new feature Zen for NodeJS with a focus on zero day attacks

Tags/
May 21, 2025

Reducing Cybersecurity Debt with AI Autotriage

We dive into how AI can assist us in a meaningful way to triage vulnerabilities and get rid of our security debt.

Tags/
May 12, 2025

Container Security is Hard — Aikido Container Autofix to Make it Easy

In this post, we’ll explore why updating base images is harder than it seems, walk through real examples, and show how you can automate safe, intelligent upgrades without breaking your app.

Tags/
Vulnerabilities & Threats
See all
See all
June 7, 2025

Active NPM Attack Escalates: 16 React Native Packages for GlueStack Backdoored Overnight

A sophisticated supply chain attack is actively compromising packages related to react-native-aria on NPM, deploying a stealthy Remote Access Trojan (RAT) hidden through obfuscation and spreading across modules with over a million weekly downloads.

Tags/
May 13, 2025

You're Invited: Delivering malware via Google Calendar invites and PUAs

Threat actor used malicious Google Invites and hidden Unicode “Private Use Access” characters (PUAs) to brilliantly obfuscate and hide a malicious NPM package.

Tags/
May 6, 2025

RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)

RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)

Tags/
DevSec Tools & Comparisons
See all
See all
February 12, 2025

Top Dynamic Application Security Testing (DAST) Tools in 2025

Discover the best Dynamic Application Security Testing (DAST) tools in 2025. Compare features, pros, cons, and integrations to choose the right DAST solution for your DevSecOps pipeline.

Tags/
January 9, 2025

Top 10 Software Composition Analysis (SCA) tools in 2025

SCA tools are our best line of defense for open-source security, this article explores the top 10 open-source dependency scanners for 2025

Tags/
August 5, 2024

5 Snyk Alternatives and Why They Are Better

We compare 5 great Snyk alternatives and explain why some are better than others for implementing an application security platform.

Tags/
Guides & Best Practices
See all
See all
May 20, 2025

Understanding SBOM Standards: A Look at CycloneDX, SPDX, and SWID

Understand SBOM standards like CycloneDX, SPDX, and SWID to improve software transparency, security, and compliance.

Tags/
May 19, 2025

Vibe Check: The vibe coder’s security checklist

A complete security checklist for AI generated code

Tags/
April 1, 2025

Why Lockfiles Matter for Supply Chain Security

Lockfiles secure your software supply chain by ensuring consistent, tamper-proof dependencies.

Tags/

Get secure for free

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start for Free
No CC required
Book a demo
No credit card required |Scan results in 32secs.