Raphael Silva

Security Reseacher

Raphael is a security researcher at Aikido. His vulnerability research has resulted in multiple published CVEs and has presented on security topics at DEFCON and OWASP Global AppSec. Before Aikido, Raphael was a lead security researcher at Checkmarx.

Blog posts by Raphael Silva

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

April 29, 2026

•

Vulnerabilities & Threats

Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer

Compromised SAP npm packages use a Bun-based preinstall payload to steal GitHub, npm, cloud, and CI secrets, then spread via GitHub using OhNoWhatsGoingOnWithGitHub.

Tags/

#Malware

#NPM

March 18, 2026

•

Vulnerabilities & Threats

fast-draft Open VSX Extension Compromised by BlokTrooper

The fast-draft Open VSX extension was compromised to deploy a BlokTrooper RAT and infostealer via GitHub-hosted payloads. Multiple malicious versions identified.

Tags/

#Malware

#open-source

March 16, 2026

•

Vulnerabilities & Threats

Glassworm Strikes Popular React Native Phone Number Packages

Aikido Security researchers recovered and decrypted the full payload chain from two malicious React Native packages. Here's what the malware does and what to look for.

Tags/

#Malware

#NPM

Get secure now

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start Scanning

No CC required

Book a demo

No credit card required | Scan results in 32secs.