Aikido
Start for Free
No CC required

Vulnerabilities & Threats

Subscribe to hear about critical security incidents

We'll send you updates on incidents as and when they happen
Featured
April 30, 2026

Popular PyTorch Lightning Package Compromised by Mini Shai-Hulud

Malware found in popular PyTorch Lightning version 2.6.2 and 2.6.3, stealing credentials, crypto wallets, and VPN configs as part of the Mini Shai-Hulud campaign.

#Malware

April 29, 2026

Someone published four versions of a fake "tanstack" package in 27 minutes to steal your .env files

A fake "tanstack" npm package published four malicious versions in 27 minutes today, exfiltrating .env files via a postinstall hook. Here's what happened, who was affected, and how to rotate your credentials.

#Malware

April 29, 2026

Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer

Compromised SAP npm packages use a Bun-based preinstall payload to steal GitHub, npm, cloud, and CI secrets, then spread via GitHub using OhNoWhatsGoingOnWithGitHub.

#Malware

#NPM

Subscribe to our newsletter.
No spam, guaranteed.

Aikido Endpoint
Pypi
Aikido Zen
IDOR vulnerabilities
IDE Security
Announcements
European Cyber Security
Continuous Pentesting
AI Safety
Self-securing Software
SSDLC
VS Code
AI Penetration Testing
Threat Modeling
Cyber Resilience Act
Triaging
AutoTriage
Pentesting
Bazel
Code Quality
OWASP
NIS2
Legaltech
fintech
RASP
End of Life
SQL Injections
DAST
cnapp
CSPM
ASPM
Infrastructure as a Code IaC
Network Security Monitoring
License Scanners
SBOM
Container Scanning
AppSec
Vulnerabilities
Software Supply Chain Security
API
Dependencies
Continuous Security Monitoring
DevSecOps
Vibe Coding
AI
NPM
autofix
Malware
Article
open-source
SCA
intel
SOC 2
usecase
Tools
SAST
Compliance
CircleCI
Codeship
IMDSv2
Cloud
IMDSv1
SSRF
AWS

Roundcube XSS chained with cookie tossing for full inbox access

We found a stored XSS in Roundcube's draft attachment endpoint that, chained with a cookie tossing technique, gives an attacker full access to a victim's inbox. Here's how the exploit chain works and how it was patched

Tags/
No items found.

Vulnerabilities & Threats

Cut through the noise with real-world CVE breakdowns, malware analysis, exploits, and emerging risks.

See all

News

Our perspective on the stories shaping software security right now

See all

Customer Stories

See how teams like yours are using Aikido to simplify security and ship with confidence.

See all

Product & Company Updates

What’s new at Aikido—from product launches to big security wins.

See all

Guides & Best Practices

Actionable tips, security workflows, and how-to guides to help you ship safer code faster.

See all

Compliance

Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.

See all

Get secure now

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start Scanning
No CC required
Book a demo
No credit card required | Scan results in 32secs.