Aikido
Start for Free
No CC required

Welcome to our blog.

Featured
A deeper look into the threat actor behind the react-native-aria attack
Malicious crypto-theft package targets Web3 developers in North Korean operation
Active NPM Attack Escalates: 16 React Native Packages for GlueStack Backdoored Overnight
Zero day attack prevention for NodeJS with Aikido Zen
Introducing Aikido AI Cloud Search
Top AppSec Tools in 2025
Top Code Vulnerability Scanners in 2025
Top Container Scanning Tools in 2025
Understanding SBOM Standards: A Look at CycloneDX, SPDX, and SWID
Reducing Cybersecurity Debt with AI Autotriage
Vibe Check: The vibe coder’s security checklist
Top Checkmarx Alternatives for SAST and Application Security
Top GitHub Advanced Security Alternatives for DevSecOps Teams
Best Orca Security Alternatives for Cloud & CNAPP Security
Mend.io Not Cutting It? Here Are Better SCA Alternatives
From Code to Cloud: Best Tools Like Cycode for End-to-End Security
Ship Fast, Stay Secure: Better Alternatives to Jit.io
Apiiro Competitors Worth Considering in 2025
Best Static Code Analysis Tools Like Semgrep
Top SonarQube Alternatives in 2025
Best Veracode Alternatives for Application Security (Dev-First Tools to Consider)
Top Wiz.io Alternatives for Cloud & Application Security
Top Cloud Security Posture Management (CSPM) Tools in 2025
Top Dynamic Application Security Testing (DAST) Tools in 2025
You're Invited: Delivering malware via Google Calendar invites and PUAs
Container Security is Hard — Aikido Container Autofix to Make it Easy
RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)
XRP supply chain attack: Official NPM package infected with crypto stealing backdoor
The malware dating guide: Understanding the types of malware on NPM
Why Lockfiles Matter for Supply Chain Security
Hide and Fail: Obfuscated Malware, Empty Payloads, and npm Shenanigans
Launching Aikido Malware – Open Source Threat Feed
Malware hiding in plain sight: Spying on North Korean Hackers
Get the TL;DR: tj-actions/changed-files Supply Chain Attack
A no-BS Docker security checklist for the vulnerability-minded developer
Sensing and blocking JavaScript SQL injection attacks
Prisma and PostgreSQL vulnerable to NoSQL injection? A surprising security risk explained
Best Tools for End-of-Life Detection: 2025 Rankings
Best RASP Tools for Developers in 2025
Best SBOM Tools for Developers: Our 2025 Picks
Top 7 ASPM Tools in 2025
How to Create an SBOM for Software Audits
Launching Opengrep | Why we forked Semgrep
Your Client Requires NIS2 Vulnerability Patching. Now What?
Top 10 Software Composition Analysis (SCA) tools in 2025
Snyk vs Aikido Security | G2 Reviews Snyk Alternative
Top 10 AI-powered SAST tools in 2025
3 Key Steps to Strengthen Compliance and Risk Management
The Startup's Open-Source Guide to Application Security
Meet Intel: Aikido’s Open Source threat feed powered by LLMs.
Launching Aikido for Cursor AI
Aikido joins the AWS Partner Network
Path Traversal in 2024 - The year unpacked
Command injection in 2024 unpacked
Balancing Security: When to Leverage Open-Source Tools vs. Commercial Tools
The State of SQL Injection
Visma’s Security Boost with Aikido: A Conversation with Nikolai Brogaard
Security in FinTech: Q&A with Dan Kindler, co-founder & CTO of Bound
Automate compliance with SprintoGRC x Aikido
5 Snyk Alternatives and Why They Are Better
SAST vs DAST: What you need to know.
Why we’re stoked to partner with Laravel
110,000 sites affected by the Polyfill supply chain attack
Cybersecurity Essentials for LegalTech Companies
Aikido’s 2025 SaaS CTO Security Checklist
Drata Integration - How to Automate Technical Vulnerability Management
DIY guide: ‘Build vs buy’ your OSS code scanning and app security toolkit
SOC 2 certification: 5 things we learned
Top 10 app security problems and how to protect yourself
We just raised our $17 million Series A
Webhook security checklist: How to build secure webhooks
The Cure For Security Alert Fatigue Syndrome
NIS2: Who is affected?
ISO 27001 certification: 8 things we learned
Cronos Group chooses Aikido Security to strengthen security posture for its companies and customers
How Loctax uses Aikido Security to get rid of irrelevant security alerts & false positives
Aikido Security raises €5m to offer a seamless security solution to growing SaaS businesses
Aikido Security achieves ISO 27001:2022 compliance
How StoryChief’s CTO uses Aikido Security to sleep better at night
What is a CVE?
Top 3 web application security vulnerabilities in 2024
New Aikido Security Features: August 2023
Aikido’s 2024 SaaS CTO Security Checklist
15 Top Cloud and Code Security Challenges Revealed by CTOs
Preventing prototype pollution in your repository
What is OWASP Top 10?
How to build a secure admin panel for your SaaS app
How to prepare yourself for ISO 27001:2022
Preventing fallout from your CI/CD platform being hacked
How to Close Deals Faster with a Security Assessment Report
Automate Technical Vulnerability Management [SOC 2]
How does a SaaS startup CTO balance development speed and security?
Aikido Security raises €2 million pre-seed round to build a developer-first software security platform
How a startup’s cloud got taken over by a simple form that sends emails
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
June 12, 2025
Vulnerabilities & Threats

A deeper look into the threat actor behind the react-native-aria attack

We investigate the activity of the threat actor that compromised react-native-aria packages on npm, and how they are evolving their attacks.

#Malware

#Software Supply Chain Security

June 12, 2025
Vulnerabilities & Threats

Malicious crypto-theft package targets Web3 developers in North Korean operation

Aikido Security uncovers a North Korean-linked supply chain attack using the fake npm package web3-wrapper-ethers to steal private keys from Web3 developers. Linked to Void Dokkaebi, the threat actor mirrors past DPRK crypto theft operations. Learn how the attack worked and what to do if you're affected.

#Malware

June 7, 2025
Vulnerabilities & Threats

Active NPM Attack Escalates: 16 React Native Packages for GlueStack Backdoored Overnight

A sophisticated supply chain attack is actively compromising packages related to react-native-aria on NPM, deploying a stealthy Remote Access Trojan (RAT) hidden through obfuscation and spreading across modules with over a million weekly downloads.

#Malware

#Vulnerabilities

Subscribe to our changelog.
No spam, guaranteed.

Customer Stories

See how teams like yours are using Aikido to simplify security and ship with confidence.

See all

Compliance

Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.

See all

Guides & Best Practices

Actionable tips, security workflows, and how-to guides to help you ship safer code faster.

See all

DevSec Tools & Comparisons

Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.

See all

Vulnerabilities & Threats

Cut through the noise with real-world CVE breakdowns, malware analysis, exploits, and emerging risks.

See all

Product & Company Updates

What’s new at Aikido—from product launches to big security wins.

See all
Product & Company Updates
See all
See all
May 21, 2025
Product & Company Updates

Reducing Cybersecurity Debt with AI Autotriage

We dive into how AI can assist us in a meaningful way to triage vulnerabilities and get rid of our security debt.

May 12, 2025
Product & Company Updates

Container Security is Hard — Aikido Container Autofix to Make it Easy

In this post, we’ll explore why updating base images is harder than it seems, walk through real examples, and show how you can automate safe, intelligent upgrades without breaking your app.

May 2, 2024
Product & Company Updates

We just raised our $17 million Series A

We've raised $17M to bring “no BS” security to devs. We’re happy to welcome Henri Tilloy from Singular.vc on board, who is again joined by Notion Capital and Connect Ventures. This round comes just 6 months after we raised $5.3M in seed funding. That’s fast.

Vulnerabilities & Threats
See all
See all
April 22, 2025
Vulnerabilities & Threats

XRP supply chain attack: Official NPM package infected with crypto stealing backdoor

The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

November 8, 2024
Vulnerabilities & Threats

The State of SQL Injection

SQL injection also known as SQLi is one of the longest standing vulnerabilities still prominant today. This report reviews the trend of SQLi for 2024

July 12, 2023
Vulnerabilities & Threats

What is OWASP Top 10?

What is OWASP Top 10? Learn about the importance of the OWASP Top 10 in building a secure, compliant, and trustworthy web application.

DevSec Tools & Comparisons
See all
See all
May 30, 2025
DevSec Tools & Comparisons

Top Container Scanning Tools in 2025

Discover the best Container Scanning tools in 2025. Compare features, pros, cons, and integrations to choose the right solution for your DevSecOps pipeline.

May 9, 2025
DevSec Tools & Comparisons

Top SonarQube Alternatives in 2025

Explore top SonarQube alternatives for static code analysis, bug detection, and clean code in 2025.

May 1, 2025
DevSec Tools & Comparisons

Top Dynamic Application Security Testing (DAST) Tools in 2025

Discover the best Dynamic Application Security Testing (DAST) tools in 2025. Compare features, pros, cons, and integrations to choose the right DAST solution for your DevSecOps pipeline.

Guides & Best Practices
See all
See all
September 2, 2024
Guides & Best Practices

SAST vs DAST: What you need to know.

Get an overview of SAST vs DAST, what they are, how to use them together, and why they matter for your application security.

August 10, 2023
Guides & Best Practices

Aikido’s 2025 SaaS CTO Security Checklist

Don't be an easy target for hackers! Find out how to secure your SaaS company and keep your code and app 10x more secure. Over 40 vulnerabilities and tips.

July 11, 2023
Guides & Best Practices

How to build a secure admin panel for your SaaS app

Avoid common mistakes when building a SaaS admin panel. We outline some pitfalls and potential solutions specifically for SaaS builders!

OWASP
NIS2
Legaltech
fintech
RASP
End of Life
SQL Injections
DAST
cnapp
cspm
aspm
Infrastructure as a Code IaC
Network Security Monitoring
License Scanners
SBOM
Container Scanning
AppSec
Vulnerabilities
Software Supply Chain Security
API
Dependencies
Continuous Security Monitoring
DevSecOps
Vibe Coding
AI
NPM
autofix
Malware
Article
open-source
SCA
intel
SOC 2
usecase
Tools
SAST
Compliance
CircleCI
Codeship
IMDSv2
Cloud
IMDSv1
SSRF
AWS
August 10, 2023
Guides & Best Practices

Aikido’s 2024 SaaS CTO Security Checklist

Don't be an easy target for hackers! Find out how to secure your SaaS company and keep your code and app 10x more secure. Over 40 vulnerabilities and tips.

Tags/

#AppSec

July 25, 2023
Guides & Best Practices

15 Top Cloud and Code Security Challenges Revealed by CTOs

We consulted 15 SaaS CTOs from cloud-native software companies about their cloud and code security concerns. Priorities, blockers, flaws, desired outcomes!

Tags/

#AppSec

#Cloud

July 12, 2023
Vulnerabilities & Threats

What is OWASP Top 10?

What is OWASP Top 10? Learn about the importance of the OWASP Top 10 in building a secure, compliant, and trustworthy web application.

Tags/

#OWASP

#Vulnerabilities

July 11, 2023
Guides & Best Practices

How to build a secure admin panel for your SaaS app

Avoid common mistakes when building a SaaS admin panel. We outline some pitfalls and potential solutions specifically for SaaS builders!

Tags/
No items found.
July 5, 2023
Guides

How to prepare yourself for ISO 27001:2022

ISO 27001:2022 replaces ISO 27001:2013. Aikido helps you quickly comply with the new security controls so you and your customers can sleep at night.

Tags/
No items found.
June 19, 2023
Guides

Preventing fallout from your CI/CD platform being hacked

CI/CD is a prime target for hackers, so take steps that prevent fallout. Aikido Security identifies if your cloud is actively defending your CI/CD.

Tags/

#AWS

#Codeship

#Cloud

#CircleCI

June 12, 2023
Guides & Best Practices

How to Close Deals Faster with a Security Assessment Report

Aikido’s security assessment report enables startups to establish trust and credibility with leads and potential customers to close deals faster.

Tags/

#AppSec

#DevSecOps

June 5, 2023
Guides

Automate Technical Vulnerability Management [SOC 2]

How to become compliant without imposing a heavy workload on your dev team

Tags/
No items found.
June 1, 2023
Guides & Best Practices

Preventing prototype pollution in your repository

The Javascript ecosystem has a problem and it’s called prototype pollution. We recommend a solution called nopp, and we'll show you how to implement this.

Tags/

#AppSec

May 16, 2023
Guides

How does a SaaS startup CTO balance development speed and security?

As a CTO of multiple early-stage SaaS startups, I've learned some invaluable lessons on how to navigate the delicate dance between development speed and security.

Tags/
No items found.
April 10, 2023
Engineering

How a startup’s cloud got taken over by a simple form that sends emails

This is the story of an attacker who gained access to a startup’s Amazon S3 buckets, environment variables, and various internal API secrets.

Tags/

#AWS

#SSRF

#IMDSv1

#Cloud

#IMDSv2

January 19, 2023
Product & Company Updates

Aikido Security raises €2 million pre-seed round to build a developer-first software security platform

Belgian SaaS startup Aikido Security has raised €2 million in pre-seed funding from angel investors who support its mission to simplify software security.

Tags/

#AppSec

#Vulnerabilities

Get secure for free

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start for Free
No CC required
Book a demo
No credit card required |Scan results in 32secs.