.avif)
Welcome to our blog.
A deeper look into the threat actor behind the react-native-aria attack
We investigate the activity of the threat actor that compromised react-native-aria packages on npm, and how they are evolving their attacks.
.png)
Malicious crypto-theft package targets Web3 developers in North Korean operation
Aikido Security uncovers a North Korean-linked supply chain attack using the fake npm package web3-wrapper-ethers to steal private keys from Web3 developers. Linked to Void Dokkaebi, the threat actor mirrors past DPRK crypto theft operations. Learn how the attack worked and what to do if you're affected.
Active NPM Attack Escalates: 16 React Native Packages for GlueStack Backdoored Overnight
A sophisticated supply chain attack is actively compromising packages related to react-native-aria on NPM, deploying a stealthy Remote Access Trojan (RAT) hidden through obfuscation and spreading across modules with over a million weekly downloads.
Customer Stories
See how teams like yours are using Aikido to simplify security and ship with confidence.
Compliance
Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.
Guides & Best Practices
Actionable tips, security workflows, and how-to guides to help you ship safer code faster.
DevSec Tools & Comparisons
Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.
Reducing Cybersecurity Debt with AI Autotriage
We dive into how AI can assist us in a meaningful way to triage vulnerabilities and get rid of our security debt.
XRP supply chain attack: Official NPM package infected with crypto stealing backdoor
The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.
Top Container Scanning Tools in 2025
Discover the best Container Scanning tools in 2025. Compare features, pros, cons, and integrations to choose the right solution for your DevSecOps pipeline.
SAST vs DAST: What you need to know.
Get an overview of SAST vs DAST, what they are, how to use them together, and why they matter for your application security.
Meet Intel: Aikido’s Open Source threat feed powered by LLMs.
Aikido launches Intel, the AI-powered open-source security threat feed that identifies vulnerabilities in projects before disclosed
Aikido joins the AWS Partner Network
Aikido has joined the AWS Partner Network, offering industry-leading "time-to-security" for new AWS users. As a validated AWS partner, Aikido simplifies cloud security and compliance, enhancing visibility across services like EC2 and S3. Discover more on the AWS Marketplace.
Command injection in 2024 unpacked
Command injection continues to be a significant vulnerability in applications. This report reviews how many injection vulnerabilities are found in closed and open-source projects throughout 2024
Path Traversal in 2024 - The year unpacked
This report looks at how prominant path traversal is in 2024 by analysing how many vulnerabilities involving path traversal were discovered in open-source and closed-source projects.
Balancing Security: When to Leverage Open-Source Tools vs. Commercial Tools
Balancing Security: When to Leverage Open-Source Tools vs. Commercial Tools
The State of SQL Injection
SQL injection also known as SQLi is one of the longest standing vulnerabilities still prominant today. This report reviews the trend of SQLi for 2024
Visma’s Security Boost with Aikido: A Conversation with Nikolai Brogaard
Explore how Visma enhances its security stance with Aikido's advanced features. Learn about the benefits of comprehensive risk management, ease of onboarding, and proactive support in an insightful discussion with Nikolai Brogaard.
Security in FinTech: Q&A with Dan Kindler, co-founder & CTO of Bound
We sat down with Dan Kindler, co-founder of Bound, a FinTech company that minimizes currency risk and loss, to learn how they’re dealing with security.
Top 7 ASPM Tools in 2025
Discover the top 7 Application Security Posture Management (ASPM) tools to protect your applications. Learn how ASPM enhances security, prioritizes risks, and integrates seamlessly into development workflows.
Automate compliance with SprintoGRC x Aikido
Discover how SprintoGRC and Aikido can automate your compliance, ensuring fast and efficient process for standards like SOC 2 and ISO 27001 while minimizing developer workload. Use Aikigo to automate technical vulnerability management. Get continuous monitoring, automated workflows, and seamless integrations that let you focus on building your business.
SAST vs DAST: What you need to know.
Get an overview of SAST vs DAST, what they are, how to use them together, and why they matter for your application security.
Best SBOM Tools for Developers: Our 2025 Picks
Discover the best SBOM tools to automate software inventory management, ensure compliance, and improve security. Explore top open-source and enterprise solutions, including Aikido Security, Syft, SPDX, and more. Learn how to track dependencies, detect vulnerabilities, and streamline risk management.
Get secure for free
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.
.avif)
