Aikido
Start for Free
No CC required

Vulnerabilities & Threats

Subscribe to hear about critical security incidents

We'll send you updates on incidents as and when they happen
Featured
February 16, 2026

npm backdoor lets hackers hijack gambling outcomes

A targeted npm supply chain attack installs an Express backdoor, enables remote SQL/file access, and rewrites gambling balances while keeping logs consistent.

No items found.
February 4, 2026

npx Confusion: Packages That Forgot to Claim Their Own Name

We claimed 128 unclaimed npm package names that official docs told developers to npx. Seven months later: 121,000 downloads. All would have run arbitrary code.

#Malware

#open-source

#NPM

January 27, 2026

Fake Clawdbot VS Code Extension Installs ScreenConnect RAT

A malicious VS Code extension impersonating Clawdbot is installing ScreenConnect RAT on developer machines.

#Malware

#VS Code

Subscribe to our newsletter.
No spam, guaranteed.

Aikido Zen
IDOR vulnerabilities
IDE Security
Announcements
European Cyber Security
Continuous Pentesting
AI Safety
Self-securing Software
SSDLC
VS Code
AI Penetration Testing
Threat Modeling
Cyber Resilience Act
Triaging
AutoTriage
Pentesting
Bazel
Code Quality
OWASP
NIS2
Legaltech
fintech
RASP
End of Life
SQL Injections
DAST
cnapp
cspm
aspm
Infrastructure as a Code IaC
Network Security Monitoring
License Scanners
SBOM
Container Scanning
AppSec
Vulnerabilities
Software Supply Chain Security
API
Dependencies
Continuous Security Monitoring
DevSecOps
Vibe Coding
AI
NPM
autofix
Malware
Article
open-source
SCA
intel
SOC 2
usecase
Tools
SAST
Compliance
CircleCI
Codeship
IMDSv2
Cloud
IMDSv1
SSRF
AWS
June 27, 2024

110,000 sites affected by the Polyfill supply chain attack

A critical supply chain attack has compromised over 110,000 websites via cdn.polyfill.io—remove it immedaitely to protect user data and app integrity.

Tags/

#Vulnerabilities

October 17, 2023

What is a CVE?

What is a CVE? Common vulnerabilities and exposures database inform devs and security teams about past threats. CVSS scores report the severity of a CVE.

Tags/

#Vulnerabilities

September 27, 2023

Top 3 web application security vulnerabilities in 2024

Learn about the most common and critical web application security vulnerabilities in 2024. Covers SAST, DAST, and CSPM vulnerabilities. And how to fix them.

Tags/

#Vulnerabilities

#AppSec

July 12, 2023

What is OWASP Top 10?

What is OWASP Top 10? Learn about the importance of the OWASP Top 10 in building a secure, compliant, and trustworthy web application.

Tags/

#OWASP

#Vulnerabilities

Customer Stories

See how teams like yours are using Aikido to simplify security and ship with confidence.

See all

Compliance

Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.

See all

Guides & Best Practices

Actionable tips, security workflows, and how-to guides to help you ship safer code faster.

See all

DevSec Tools & Comparisons

Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.

See all

Vulnerabilities & Threats

Cut through the noise with real-world CVE breakdowns, malware analysis, exploits, and emerging risks.

See all

Product & Company Updates

What’s new at Aikido—from product launches to big security wins.

See all

Get secure now

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start Scanning
No CC required
Book a demo
No credit card required | Scan results in 32secs.