Vulnerabilities & Threats

November 25, 2025

Shai Hulud Attacks Persist Through GitHub Actions Vulnerabilities

Shai Hulud threat actors are leveraging GitHub Actions vulnerabilities in an ongoing exploitation campaign. Discover the impact and recommended security measures.

#Malware

#Vulnerabilities

November 24, 2025

Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised

The threat actor behind “Shai Hulud 2.0” launched a new malware campaign compromising the supply chain of Zapier, ENS Domains and more — exposing secrets, injecting malicious code, and enabling widespread developer-environment takeover.

#Malware

November 6, 2025

Invisible Unicode Malware Strikes OpenVSX, Again

Another wave of Open VSX extensions were compromised today.

#intel

#Malware

Subscribe to our changelog. No spam, guaranteed.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

February 14, 2025

Prisma and PostgreSQL vulnerable to NoSQL injection? A surprising security risk explained

Discover how Prisma ORM and PostgreSQL can be vulnerable to operator injection, a form of NoSQL injection. Learn how attackers exploit this risk and get practical tips to secure your JavaScript applications with input validation and safe query practices.

Tags/

#Vulnerabilities

November 24, 2024

Command injection in 2024 unpacked

Command injection continues to be a significant vulnerability in applications. This report reviews how many injection vulnerabilities are found in closed and open-source projects throughout 2024

Tags/

#Vulnerabilities

November 23, 2024

Path Traversal in 2024 - The year unpacked

This report looks at how prominant path traversal is in 2024 by analysing how many vulnerabilities involving path traversal were discovered in open-source and closed-source projects.

Tags/

#SAST

#Vulnerabilities

November 8, 2024

The State of SQL Injection

SQL injection also known as SQLi is one of the longest standing vulnerabilities still prominant today. This report reviews the trend of SQLi for 2024

Tags/

#Vulnerabilities

#SQL Injections

June 27, 2024

110,000 sites affected by the Polyfill supply chain attack

A critical supply chain attack has compromised over 110,000 websites via cdn.polyfill.io—remove it immedaitely to protect user data and app integrity.

Tags/

#Vulnerabilities

October 17, 2023

What is a CVE?

What is a CVE? Common vulnerabilities and exposures database inform devs and security teams about past threats. CVSS scores report the severity of a CVE.

Tags/

#Vulnerabilities

September 27, 2023

Top 3 web application security vulnerabilities in 2024

Learn about the most common and critical web application security vulnerabilities in 2024. Covers SAST, DAST, and CSPM vulnerabilities. And how to fix them.

Tags/

#Vulnerabilities

#AppSec

July 12, 2023

What is OWASP Top 10?

What is OWASP Top 10? Learn about the importance of the OWASP Top 10 in building a secure, compliant, and trustworthy web application.

Tags/

#OWASP

#Vulnerabilities

Customer Stories

See how teams like yours are using Aikido to simplify security and ship with confidence.

See all

Compliance

Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.

See all

Guides & Best Practices

Actionable tips, security workflows, and how-to guides to help you ship safer code faster.

See all

DevSec Tools & Comparisons

Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.

See all