A new strain of the Shai Hulud worm is discovered by researchers, signaling the self-propagating supply chain threat ...
Malicious content in issues or pull requests can trick AI agents in CI/CD workflows into running privileged commands in an attack researchers nicknamed PromptPwnd. AI agents embedded in CI/CD ...
The Shai-Hulud supply chain attack campaign, already responsible for compromising hundreds of CrowdStrike’s NPM packages in September, is back with a vengeance, according to a new warning by the folks ...
This project provides a complete session continuity system designed to maintain context between work sessions, ensuring consistent progress on MA-level Aikido blog content. The system uses Claude Code ...
GHENT, Belgium—Aikido Security has announced the acquisition of AI-native penetration testing platform developers Allseek and Haicker. Together, they are transforming weeks-long pen tests into ...
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
Steven Seagal was surely one of the most recognized action stars of the '90s. Movies like Under Siege, The Glimmer Man, and Fire Down Below made him a permanent fixture in the action movie genre. But ...
On September 8, 2025, Anchore was made aware of an incident involving a number of popular NPM packages to insert malware. The technical details of the attack can be found in the Aikido blog post: npm ...
A phishing email was at the heart of the attack. NPM team quickly removed backdoored versions. 18 packages hit, with 2B+ downloads every week. A new digital supply chain attack has targeted popular ...
Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep flaws in the open-source trust model. A massive supply chain attack ...
Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two-factor authentication protecting his npm account. The malware targets ...
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...