Aikido
Start for Free
No CC required

Charlie Eriksen

Malware Researcher
Charlie Eriksen is a Security Researcher at Aikido Security, with extensive experience across IT security - including in product and leadership roles. He is the founder of jswzl and he previously worked at Secure Code Warrior as a security researcher and co-founded Adversary.
Threat Modeling
Cyber Resilience Act
Triaging
AutoTriage
Pentesting
Bazel
Code Quality
OWASP
NIS2
Legaltech
fintech
RASP
End of Life
SQL Injections
DAST
cnapp
cspm
aspm
Infrastructure as a Code IaC
Network Security Monitoring
License Scanners
SBOM
Container Scanning
AppSec
Vulnerabilities
Software Supply Chain Security
API
Dependencies
Continuous Security Monitoring
DevSecOps
Vibe Coding
AI
NPM
autofix
Malware
Article
open-source
SCA
intel
SOC 2
usecase
Tools
SAST
Compliance
CircleCI
Codeship
IMDSv2
Cloud
IMDSv1
SSRF
AWS

Blog posts by Charlie Eriksen

September 18, 2025
Vulnerabilities & Threats

Bugs in Shai-Hulud: Debugging the Desert

The Shai Hulud worm had some bugs of its own, and required patching by the attackers. We also look at a timeline of events, to see how it unfolded.

Tags/

#Malware

September 16, 2025
Vulnerabilities & Threats

S1ngularity/nx attackers strike again

The attackers behind the nx attack have struck again, targeting a large amount of packages, with a first-of-its-kind worm payload.

Tags/

#Malware

September 12, 2025
Vulnerabilities & Threats

We Got Lucky: The Supply Chain Disaster That Almost Happened

Eighteen widely used open source packages were compromised, downloaded billions of times and embedded across nearly every cloud environment. The community dodged a bullet. But this close call shows just how fragile our software supply chain really is.

Tags/

#Malware

September 9, 2025
Vulnerabilities & Threats

duckdb npm packages compromised

The popular package duckdb was compromised by same attackers that hit debug and chalk

Tags/

#Malware

September 8, 2025
Vulnerabilities & Threats

npm debug and chalk packages compromised

The popular packages debug and chalk on npm have been compromised with malicious code

Tags/

#Malware

August 27, 2025
Vulnerabilities & Threats

Popular nx packages compromised on npm

The popular nx package on npm was compromised, and stolen data was published on GitHub publicly

Tags/

#Malware

#Software Supply Chain Security

#intel

June 12, 2025
Vulnerabilities & Threats

A deeper look into the threat actor behind the react-native-aria attack

We investigate the activity of the threat actor that compromised react-native-aria packages on npm, and how they are evolving their attacks.

Tags/

#Malware

#Software Supply Chain Security

June 12, 2025
Vulnerabilities & Threats

Malicious crypto-theft package targets Web3 developers in North Korean operation

Aikido Security uncovers a North Korean-linked supply chain attack using the fake npm package web3-wrapper-ethers to steal private keys from Web3 developers. Linked to Void Dokkaebi, the threat actor mirrors past DPRK crypto theft operations. Learn how the attack worked and what to do if you're affected.

Tags/

#Malware

June 7, 2025
Vulnerabilities & Threats

Active NPM Attack Escalates: 16 React Native Packages for GlueStack Backdoored Overnight

A sophisticated supply chain attack is actively compromising packages related to react-native-aria on NPM, deploying a stealthy Remote Access Trojan (RAT) hidden through obfuscation and spreading across modules with over a million weekly downloads.

Tags/

#Malware

#Vulnerabilities

May 13, 2025
Vulnerabilities & Threats

You're Invited: Delivering malware via Google Calendar invites and PUAs

Threat actor used malicious Google Invites and hidden Unicode “Private Use Access” characters (PUAs) to brilliantly obfuscate and hide a malicious NPM package.

Tags/

#NPM

#Malware

#Vulnerabilities

May 6, 2025
Vulnerabilities & Threats

RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)

RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)

Tags/

#Malware

#Software Supply Chain Security

April 22, 2025
Vulnerabilities & Threats

XRP supply chain attack: Official NPM package infected with crypto stealing backdoor

The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

Tags/

#Malware

#Vulnerabilities

Get secure for free

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start for Free
No CC required
Book a demo
No credit card required |Scan results in 32secs.