.avif)
Welcome to our blog.
A deeper look into the threat actor behind the react-native-aria attack
We investigate the activity of the threat actor that compromised react-native-aria packages on npm, and how they are evolving their attacks.
.png)
Malicious crypto-theft package targets Web3 developers in North Korean operation
Aikido Security uncovers a North Korean-linked supply chain attack using the fake npm package web3-wrapper-ethers to steal private keys from Web3 developers. Linked to Void Dokkaebi, the threat actor mirrors past DPRK crypto theft operations. Learn how the attack worked and what to do if you're affected.
Active NPM Attack Escalates: 16 React Native Packages for GlueStack Backdoored Overnight
A sophisticated supply chain attack is actively compromising packages related to react-native-aria on NPM, deploying a stealthy Remote Access Trojan (RAT) hidden through obfuscation and spreading across modules with over a million weekly downloads.
Customer Stories
See how teams like yours are using Aikido to simplify security and ship with confidence.
Compliance
Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.
Guides & Best Practices
Actionable tips, security workflows, and how-to guides to help you ship safer code faster.
DevSec Tools & Comparisons
Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.
Reducing Cybersecurity Debt with AI Autotriage
We dive into how AI can assist us in a meaningful way to triage vulnerabilities and get rid of our security debt.
XRP supply chain attack: Official NPM package infected with crypto stealing backdoor
The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.
Top Container Scanning Tools in 2025
Discover the best Container Scanning tools in 2025. Compare features, pros, cons, and integrations to choose the right solution for your DevSecOps pipeline.
SAST vs DAST: What you need to know.
Get an overview of SAST vs DAST, what they are, how to use them together, and why they matter for your application security.
Mend.io Not Cutting It? Here Are Better SCA Alternatives
Explore top Mend.io alternatives for open source security, license risk, and better developer workflows.
Best Orca Security Alternatives for Cloud & CNAPP Security
See how the best Orca Security competitors compare for agentless cloud protection and CNAPP capabilities.
From Code to Cloud: Best Tools Like Cycode for End-to-End Security
Find the best Cycode alternatives to secure your pipelines, dependencies, and SDLC in 2025.
XRP supply chain attack: Official NPM package infected with crypto stealing backdoor
The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.
Top Checkmarx Alternatives for SAST and Application Security
Looking beyond Checkmarx? These SAST tools offer faster scans, fewer false positives, and CI/CD support.
Top GitHub Advanced Security Alternatives for DevSecOps Teams
Discover top alternatives to GitHub Advanced Security with better SAST, secrets detection, and CI coverage.
The malware dating guide: Understanding the types of malware on NPM
A breakdown of real-world malicious npm packages and the techniques they use to exploit the JavaScript supply chain.
Hide and Fail: Obfuscated Malware, Empty Payloads, and npm Shenanigans
Investigating a failed npm malware campaign using time-delayed payloads, obfuscation tricks, and reused dependencies.
Why Lockfiles Matter for Supply Chain Security
Lockfiles secure your software supply chain by ensuring consistent, tamper-proof dependencies.
Launching Aikido Malware – Open Source Threat Feed
launching Aikido Malware — our proprietary malware feed built to detect and track malicious packages in open-source ecosystems like npm and soon, PyPI.
Get secure for free
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.
.avif)
