Aikido
Start for Free
No CC required

Ilyas Makari

Malware Research
Ilyas Makari is a Malware Researcher at Aikido Security
Aikido Endpoint
Pypi
Aikido Zen
IDOR vulnerabilities
IDE Security
Announcements
European Cyber Security
Continuous Pentesting
AI Safety
Self-securing Software
SSDLC
VS Code
AI Penetration Testing
Threat Modeling
Cyber Resilience Act
Triaging
AutoTriage
Pentesting
Bazel
Code Quality
OWASP
NIS2
Legaltech
fintech
RASP
End of Life
SQL Injections
DAST
cnapp
CSPM
ASPM
Infrastructure as a Code IaC
Network Security Monitoring
License Scanners
SBOM
Container Scanning
AppSec
Vulnerabilities
Software Supply Chain Security
API
Dependencies
Continuous Security Monitoring
DevSecOps
Vibe Coding
AI
NPM
autofix
Malware
Article
open-source
SCA
intel
SOC 2
usecase
Tools
SAST
Compliance
CircleCI
Codeship
IMDSv2
Cloud
IMDSv1
SSRF
AWS

Blog posts by Ilyas Makari

April 30, 2026
Vulnerabilities & Threats

Popular PyTorch Lightning Package Compromised by Mini Shai-Hulud

Malware found in popular PyTorch Lightning version 2.6.2 and 2.6.3, stealing credentials, crypto wallets, and VPN configs as part of the Mini Shai-Hulud campaign.

Tags/

#Malware

April 23, 2026
Vulnerabilities & Threats

Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm

Malware found in @bitwarden/cli v2026.4.0 steals SSH keys, cloud secrets, and AI coding tool credentials, then spreads through victims' own npm packages. Inside: a worm calling itself "Shai-Hulud: The Third Coming."

Tags/

#Malware

April 22, 2026
Vulnerabilities & Threats

GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays

A newly discovered npm and PyPI malware campaign installs hidden LLM proxies on compromised servers, turning them into relay nodes for LLM traffic.

Tags/

#Malware

April 8, 2026
Vulnerabilities & Threats

GlassWorm goes native: New Zig dropper infects every IDE on your machine

GlassWorm deploys a Zig-based native dropper hidden within a fake extension, silently compromising VS Code, Cursor, VSCodium, and other IDEs.

Tags/

#Malware

March 18, 2026
Vulnerabilities & Threats

GlassWorm Hides a RAT Inside a Malicious Chrome Extension

GlassWorm deploys a multi-stage RAT that force-installs a malicious Chrome extension to log keystrokes, steal cookies, and exfiltrate data via Solana-based C2.

Tags/

#Malware

March 13, 2026
Vulnerabilities & Threats

Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories

The Glassworm supply chain attack is back. Researchers uncovered malware hidden in invisible Unicode characters across 150+ GitHub repositories, plus npm packages and VS Code extensions.

Tags/

#NPM

February 16, 2026
Vulnerabilities & Threats

npm backdoor lets hackers hijack gambling outcomes

A targeted npm supply chain attack installs an Express backdoor, enables remote SQL/file access, and rewrites gambling balances while keeping logs consistent.

Tags/
No items found.
November 25, 2025
Vulnerabilities & Threats

Shai Hulud Attacks Persist Through GitHub Actions Vulnerabilities

Shai Hulud threat actors are leveraging GitHub Actions vulnerabilities in an ongoing exploitation campaign. Discover the impact and recommended security measures.

Tags/

#Malware

#Vulnerabilities

October 31, 2025
Vulnerabilities & Threats

The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties

Threat actors are using Unprintable Unicode Characters to

Tags/

#Malware

Get secure now

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start Scanning
No CC required
Book a demo
No credit card required | Scan results in 32secs.