.avif)
Vulnerabilities & Threats
GlassWorm Hides a RAT Inside a Malicious Chrome Extension
GlassWorm deploys a multi-stage RAT that force-installs a malicious Chrome extension to log keystrokes, steal cookies, and exfiltrate data via Solana-based C2.
Critical React & Next.js RCE Vulnerability (CVE-2025-55182): What You Need to Fix Now
Learn how CVE-2025-55182 and the related Next.js RCE affect React Server Components. See impact, affected versions, and how to fix. Aikido now detects both issues.
Shai Hulud 2.0: What the Unknown Wonderer Tells Us About the Attackers’ Endgame
New research into the Shai Hulud 2.0 malware suggests the username UnknownWonderer1 tells us more about the attackers’ endgame.
Shai Hulud Attacks Persist Through GitHub Actions Vulnerabilities
Shai Hulud threat actors are leveraging GitHub Actions vulnerabilities in an ongoing exploitation campaign. Discover the impact and recommended security measures.
Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised
The threat actor behind “Shai Hulud 2.0” launched a new malware campaign compromising the supply chain of Zapier, ENS Domains and more — exposing secrets, injecting malicious code, and enabling widespread developer-environment takeover.
Invisible Unicode Malware Strikes OpenVSX, Again
Another wave of Open VSX extensions were compromised today.
The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties
Threat actors are using Unprintable Unicode Characters to
Bugs in Shai-Hulud: Debugging the Desert
The Shai Hulud worm had some bugs of its own, and required patching by the attackers. We also look at a timeline of events, to see how it unfolded.
S1ngularity/nx attackers strike again
The attackers behind the nx attack have struck again, targeting a large amount of packages, with a first-of-its-kind worm payload.
We Got Lucky: The Supply Chain Disaster That Almost Happened
Eighteen widely used open source packages were compromised, downloaded billions of times and embedded across nearly every cloud environment. The community dodged a bullet. But this close call shows just how fragile our software supply chain really is.
duckdb npm packages compromised
The popular package duckdb was compromised by same attackers that hit debug and chalk
Customer Stories
See how teams like yours are using Aikido to simplify security and ship with confidence.
Compliance
Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.
Guides & Best Practices
Actionable tips, security workflows, and how-to guides to help you ship safer code faster.
DevSec Tools & Comparisons
Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.
Get secure now
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.
