.avif)
Vulnerabilities & Threats
.png)
Bugs in Shai-Hulud: Debugging the Desert
The Shai Hulud worm had some bugs of its own, and required patching by the attackers. We also look at a timeline of events, to see how it unfolded.
RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)
RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)
XRP supply chain attack: Official NPM package infected with crypto stealing backdoor
The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.
The malware dating guide: Understanding the types of malware on NPM
A breakdown of real-world malicious npm packages and the techniques they use to exploit the JavaScript supply chain.
Hide and Fail: Obfuscated Malware, Empty Payloads, and npm Shenanigans
Investigating a failed npm malware campaign using time-delayed payloads, obfuscation tricks, and reused dependencies.
Malware hiding in plain sight: Spying on North Korean Hackers
When a malicious NPMjs package was uploaded, we didn't expect we would be watching the North Korean Lazarus group debug it in real time. But we did/
Get the TL;DR: tj-actions/changed-files Supply Chain Attack
Let’s get into the tj-actions/changed-files supply chain attack, what you should do, what happened, and more information.
Prisma and PostgreSQL vulnerable to NoSQL injection? A surprising security risk explained
Discover how Prisma ORM and PostgreSQL can be vulnerable to operator injection, a form of NoSQL injection. Learn how attackers exploit this risk and get practical tips to secure your JavaScript applications with input validation and safe query practices.
Command injection in 2024 unpacked
Command injection continues to be a significant vulnerability in applications. This report reviews how many injection vulnerabilities are found in closed and open-source projects throughout 2024
Path Traversal in 2024 - The year unpacked
This report looks at how prominant path traversal is in 2024 by analysing how many vulnerabilities involving path traversal were discovered in open-source and closed-source projects.
The State of SQL Injection
SQL injection also known as SQLi is one of the longest standing vulnerabilities still prominant today. This report reviews the trend of SQLi for 2024
Customer Stories
See how teams like yours are using Aikido to simplify security and ship with confidence.
Compliance
Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.
Guides & Best Practices
Actionable tips, security workflows, and how-to guides to help you ship safer code faster.
DevSec Tools & Comparisons
Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.
Get secure for free
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.
.avif)
