Aikido
Start for Free
No CC required

Vulnerabilities & Threats

Featured
April 22, 2025

XRP supply chain attack: Official NPM package infected with crypto stealing backdoor

The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

Tags/

Malware,

Vulnerabilities,

November 8, 2024

The State of SQL Injection

SQL injection also known as SQLi is one of the longest standing vulnerabilities still prominant today. This report reviews the trend of SQLi for 2024

Tags/

Vulnerabilities,

SQL Injections,

July 12, 2023

What is OWASP Top 10?

What is OWASP Top 10? Learn about the importance of the OWASP Top 10 in building a secure, compliant, and trustworthy web application.

Tags/

OWASP,

Vulnerabilities,

Subscribe to our changelog.
No spam, guaranteed.

OWASP
NIS2
Legaltech
fintech
RASP
End of Life
SQL Injections
DAST
cnapp
cspm
aspm
Infrastructure as a Code IaC
Network Security Monitoring
License Scanners
SBOM
Container Scanning
AppSec
Vulnerabilities
Software Supply Chain Security
API
Dependencies
Continuous Security Monitoring
DevSecOps
Vibe Coding
AI
NPM
autofix
Malware
Article
open-source
SCA
intel
SOC 2
usecase
Tools
SAST
Compliance
CircleCI
Codeship
IMDSv2
Cloud
IMDSv1
SSRF
AWS
May 13, 2025

You're Invited: Delivering malware via Google Calendar invites and PUAs

Threat actor used malicious Google Invites and hidden Unicode “Private Use Access” characters (PUAs) to brilliantly obfuscate and hide a malicious NPM package.

Tags/

NPM,

Malware,

Vulnerabilities,

May 6, 2025

RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)

RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)

Tags/

Malware,

Software Supply Chain Security,

April 10, 2025

The malware dating guide: Understanding the types of malware on NPM

A breakdown of real-world malicious npm packages and the techniques they use to exploit the JavaScript supply chain.

Tags/

Malware,

Vulnerabilities,

April 3, 2025

Hide and Fail: Obfuscated Malware, Empty Payloads, and npm Shenanigans

Investigating a failed npm malware campaign using time-delayed payloads, obfuscation tricks, and reused dependencies.

Tags/

Malware,

NPM,

March 31, 2025

Malware hiding in plain sight: Spying on North Korean Hackers

When a malicious NPMjs package was uploaded, we didn't expect we would be watching the North Korean Lazarus group debug it in real time. But we did/

Tags/

Malware,

March 16, 2025

Get the TL;DR: tj-actions/changed-files Supply Chain Attack

Let’s get into the tj-actions/changed-files supply chain attack, what you should do, what happened, and more information.

Tags/

Vulnerabilities,

Malware,

February 14, 2025

Prisma and PostgreSQL vulnerable to NoSQL injection? A surprising security risk explained

Discover how Prisma ORM and PostgreSQL can be vulnerable to operator injection, a form of NoSQL injection. Learn how attackers exploit this risk and get practical tips to secure your JavaScript applications with input validation and safe query practices.

Tags/

Vulnerabilities,

November 23, 2024

Path Traversal in 2024 - The year unpacked

This report looks at how prominant path traversal is in 2024 by analysing how many vulnerabilities involving path traversal were discovered in open-source and closed-source projects.

Tags/

SAST,

Vulnerabilities,

November 24, 2024

Command injection in 2024 unpacked

Command injection continues to be a significant vulnerability in applications. This report reviews how many injection vulnerabilities are found in closed and open-source projects throughout 2024

Tags/

Vulnerabilities,

June 27, 2024

110,000 sites affected by the Polyfill supply chain attack

A critical supply chain attack has compromised over 110,000 websites via cdn.polyfill.io—remove it immedaitely to protect user data and app integrity.

Tags/

Vulnerabilities,

October 17, 2023

What is a CVE?

What is a CVE? Common vulnerabilities and exposures database inform devs and security teams about past threats. CVSS scores report the severity of a CVE.

Tags/

Vulnerabilities,

September 27, 2023

Top 3 web application security vulnerabilities in 2024

Learn about the most common and critical web application security vulnerabilities in 2024. Covers SAST, DAST, and CSPM vulnerabilities. And how to fix them.

Tags/

Vulnerabilities,

AppSec,

Guides & Best Practices

Actionable tips, security workflows, and how-to guides to help you ship safer code faster.

See all

DevSec Tools & Comparisons

Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.

See all

Vulnerabilities & Threats

Cut through the noise with real-world CVE breakdowns, malware analysis, exploits, and emerging risks.

See all

Product & Company Updates

What’s new at Aikido—from product launches to big security wins.

See all

Get secure for free

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start for Free
No CC required
Book a demo
No credit card required |Scan results in 32secs.