.avif)
Vulnerabilities & Threats
Shai Hulud 2.0: What the Unknown Wonderer Tells Us About the Attackers’ Endgame
New research into the Shai Hulud 2.0 malware suggests the username UnknownWonderer1 tells us more about the attackers’ endgame.
Shai Hulud Attacks Persist Through GitHub Actions Vulnerabilities
Shai Hulud threat actors are leveraging GitHub Actions vulnerabilities in an ongoing exploitation campaign. Discover the impact and recommended security measures.
Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised
The threat actor behind “Shai Hulud 2.0” launched a new malware campaign compromising the supply chain of Zapier, ENS Domains and more — exposing secrets, injecting malicious code, and enabling widespread developer-environment takeover.
Top 9 Docker Container Security Vulnerabilities
Discover the top Docker container security vulnerabilities, their risks, and best practices to secure your applications against modern container threats
Hide and Fail: Obfuscated Malware, Empty Payloads, and npm Shenanigans
Investigating a failed npm malware campaign using time-delayed payloads, obfuscation tricks, and reused dependencies.
Malware hiding in plain sight: Spying on North Korean Hackers
When a malicious NPMjs package was uploaded, we didn't expect we would be watching the North Korean Lazarus group debug it in real time. But we did/
Get the TL;DR: tj-actions/changed-files Supply Chain Attack
Let’s get into the tj-actions/changed-files supply chain attack, what you should do, what happened, and more information.
Prisma and PostgreSQL vulnerable to NoSQL injection? A surprising security risk explained
Discover how Prisma ORM and PostgreSQL can be vulnerable to operator injection, a form of NoSQL injection. Learn how attackers exploit this risk and get practical tips to secure your JavaScript applications with input validation and safe query practices.
Command injection in 2024 unpacked
Command injection continues to be a significant vulnerability in applications. This report reviews how many injection vulnerabilities are found in closed and open-source projects throughout 2024
Path Traversal in 2024 - The year unpacked
This report looks at how prominant path traversal is in 2024 by analysing how many vulnerabilities involving path traversal were discovered in open-source and closed-source projects.
The State of SQL Injection
SQL injection also known as SQLi is one of the longest standing vulnerabilities still prominant today. This report reviews the trend of SQLi for 2024
110,000 sites affected by the Polyfill supply chain attack
A critical supply chain attack has compromised over 110,000 websites via cdn.polyfill.io—remove it immedaitely to protect user data and app integrity.
What is a CVE?
What is a CVE? Common vulnerabilities and exposures database inform devs and security teams about past threats. CVSS scores report the severity of a CVE.
Customer Stories
See how teams like yours are using Aikido to simplify security and ship with confidence.
Compliance
Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.
Guides & Best Practices
Actionable tips, security workflows, and how-to guides to help you ship safer code faster.
DevSec Tools & Comparisons
Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.
Get secure now
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.
.avif)
