aikido.dev
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-25.
Topic counts for this publisher:

- Supply Chain: 16
- Secrets: 5
- RCE: 4
- AI: 3
- Python: 2
- XSS: 2
- AuthN: 1
- AuthZ: 1
- Bug Bounty: 1
- GraphQL: 1
- IDOR: 1
- SSRF: 1
| Date Added | Resource | Topics | Excerpt |
|---|---|---|---|
| 2026-06-25 | Compromised GitHub action codfish/semantic-release-action steals CI/CD secrets | Secrets, Supply Chain | codfish/semantic-release-action was compromised on June 24, 2026. Attackers repointed v2–v5 tags to a Miasma credential-stealing payload targeting CI/CD secrets. Here's what happened and how to check ... |
| 2026-06-24 | 5 Socket security alternatives and why they are better | Supply Chain | Comparison of Socket security alternatives, highlighting Aikido Security as a stronger option. It notes Socket's strengths in behavioral package analysis for supply chain attacks, but points out limitations in providing actionable fixes beyond upgrades, managing alerts across multiple repositories, and install-time protection bypasses. Socket also lacks container scanning, runtime protection, comprehensive license detection, and broader AppSec capabilities like SAST, DAST, or IaC scanning, leading to potential tool sprawl and increased incident risk. |
| 2026-06-24 | Aikido x Drydock \| A way for maintainers to catch malware before it ships | Supply Chain | Integration with Drydock that lets maintainers review staged package releases for malware before publishing. It analyzes staged npm packages by downloading tarballs, diffing them against previous versions, and flagging security-relevant changes like new lifecycle scripts, unexpected files, or network-accessing code. For PyPI or non-staged npm packages, it operates as a GitHub Actions gate. The tool supports npm and PyPI at no cost, allowing maintainers to catch malicious code before it enters public repositories. |
| 2026-06-18 | Over 140 popular Mastra npm Packages Hit by Supply Chain Attack | Supply Chain | Writeup detailing the @mastra npm supply chain attack, where 141 packages were compromised via a malicious dependency, `easy-day-js`. The attack leveraged `postinstall` scripts to download and execute obfuscated payloads from C2 servers, targeting crypto wallet extensions. This mirrors the `axios` compromise, employing similar tactics like staged malicious versions and self-deleting scripts to evade detection. |
| 2026-06-17 | Over 140 popular Mastra npm Packages Hit by Supply Chain Attack | Supply Chain | Analysis of a large-scale supply chain attack targeting the popular `@mastra` npm scope, where 141 packages were compromised by injecting a malicious `easy-day-js` dependency. This malicious package leveraged `postinstall` hooks to fetch and execute obfuscated payloads from C2 servers, targeting crypto wallet extensions and self-deleting to evade detection, mirroring techniques seen in the prior `axios` compromise. |
| 2026-06-17 | Multiple JetBrains IDE plugins caught stealing AI keys | Secrets, Supply Chain | Malware-infected JetBrains IDE plugins were found exfiltrating AI provider API keys, including those for OpenAI, SiliconFlow, and DeepSeek. At least 15 plugins, installed nearly 70,000 times, were disguised as AI coding assistants but secretly transmitted user-provided API keys to a server at 39.107.60[.]51 upon saving them in settings, with no user consent. Affected plugins include "DeepSeek Junit Test," "CodeGPT AI Assistant," and "DeepSeek AI Assist," published under multiple vendor accounts. |
| 2026-06-13 | Full Fathom Five: The context of Anthropic’s Mythos-class public release | AI, AuthZ | Analysis of Anthropic's Claude Fable 5 release, clarifying that it is not direct Mythos Preview access but a similarly capable model routed to Opus 4.8 for cybersecurity queries. It argues against focusing solely on CVEs and vendor vulnerabilities, highlighting that misconfigurations, stale permissions, and broken identity edges represent 80% of the security challenge and are the true targets for defensive AI investments, not an "AI hacker" scenario. |
| 2026-06-12 | npm v12 delivers one of the biggest security improvements in years | Supply Chain | npm v12 will block dependency install scripts by default, significantly reducing supply chain attack vectors like Nx s1ngularity and Shai-Hulud, which exploited postinstall scripts. This change requires explicit approval for scripts via `npm approve-scripts` and also blocks implicit code execution from `binding.gyp` and insecure Git/remote-URL dependencies by default. The update, already available behind warnings in npm 11.16.0, aims to protect users who don't review package changes. |
| 2026-06-11 | 10 year old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums | AuthN, RCE | Advisory for phpBB operators detailing a critical Authentication Bypass vulnerability discovered by Aikido's AI pentesting tool. This flaw, affecting versions up to 3.3.16 and 4.0.0-a2, allows unauthenticated users to gain valid sessions and impersonate any user, including administrators, leading to potential private message leaks and full forum control. While direct RCE is not possible, the vulnerability necessitates immediate upgrades to phpBB 3.3.17 to mitigate account takeover risks. |
| 2026-06-11 | Compromised Rust crate onering performs code exfiltration | Secrets, Supply Chain | Writeup detailing a malicious Rust crate, "onering" version 1.4.1, which exfiltrates source code via a compromised `build.rs` script. This script collects Git commit metadata and diffs, disguises them as Sentry telemetry, and sends them to a Sentry ingest endpoint. The compromise affects both the crates.io package and the maintainer's GitHub repository, highlighting a growing trend of build-time payload execution in the Rust supply chain. |
| 2026-06-10 | 10 year old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums | RCE | Discovery by Aikido Attack of a critical Authentication Bypass vulnerability in phpBB, potentially leading to Remote Code Execution. This flaw impacts versions up to 3.3.16 and 4.0.0-a2, and was promptly patched in version 3.3.17 following a rapid disclosure via HackerOne. Exploitation can grant unauthorized session access, exposing private messages or full administrative control. |
| 2026-06-10 | Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System | RCE, Supply Chain | Exploration of `binding.gyp` files, which `npm` executes during package installation. It explores how attackers can abuse `binding.gyp`'s command expansion feature and Python `eval()` sandbox to execute arbitrary code, as demonstrated by the Miasma worm which exploited Red Hat packages and others like `@vapi-ai/server-sdk`. It details techniques for escaping the `eval()` sandbox to achieve arbitrary code execution, even when no explicit lifecycle scripts are present in `package.json`. |
| 2026-06-08 | Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm | Secrets, Supply Chain | Writeup detailing the compromise of 32 @redhat-cloud-services npm packages with Miasma, a credential-stealing worm variant similar to Mini Shai-Hulud. The attack exploited a compromised GitHub account to bypass npm's trusted publishing via GitHub Actions OIDC, injecting malicious `_index.js` payloads that steal cloud credentials, CI secrets, and SSH keys. This incident highlights vulnerabilities in CI/CD pipelines and the potential for open-sourced malware frameworks like Mini Shai-Hulud to be adapted by various threat actors. |
| 2026-06-08 | Move over, Mythos. Here comes... pretty much any other model with a good harness | AI | Essay on building application security scanning harnesses that orchestrate multiple AI models. It argues that the effectiveness of vulnerability discovery hinges more on the harness design than on specific frontier models like Mythos or GPT-5.5. Sophisticated harnesses, incorporating stages for reconnaissance, parallel agent hunting, validation, and tracing, enable scalable and cost-effective security testing by allowing flexible model swapping and leveraging cheaper models for wider candidate generation, while more powerful models can be reserved for deep analysis. |
| 2026-06-08 | Why EDR and proxy won’t save you from supply chain malware | Supply Chain | Overview of Aikido Device Protection, which operates directly on the developer machine to monitor package installation and runtime behavior. It addresses the critical gap left by traditional EDR and proxy solutions, which fail to detect malicious code embedded within trusted runtimes like npm or Python packages. Examples include post-install scripts stealing credentials or backdoored initialization files, bypassing standard security perimeters and process monitoring by mimicking legitimate operations. |
| 2026-06-08 | What is AI SAST? | AI | Explainer on AI SAST, which uses AI reasoning to analyze source code for security vulnerabilities like IDORs, broken access control, and business logic flaws. Unlike traditional pattern-matching SAST, AI SAST understands code intent, traces data flow across services, and identifies complex multi-step exploit chains. This AI-native approach offers pentest-grade reasoning for static analysis, distinguishing it from AI-augmented SAST which primarily focuses on triage and false positive reduction. |
| 2026-05-26 | Why developer machines are now the number one target for supply chain attacks | Supply Chain | Overview of enhanced security for developer machines, addressing the growing threat of supply chain attacks targeting workstations. It extends visibility beyond package registries to include IDE extensions, browser plugins, and AI tools, offering granular telemetry to detect and prevent vulnerabilities before they impact production. Examples mentioned include attacks via malicious VS Code extensions, Trivy, and compromised packages, highlighting the limitations of traditional EDR tools in monitoring developer environments. |
| 2026-05-23 | Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer | Supply Chain | Writeup of a supply chain attack targeting Laravel-Lang packages, where malicious version tags pointed to a fork containing credential-stealing code. This malware, delivered via composer's autoloader, collects AWS, GCP, Azure, and other cloud credentials, infrastructure secrets, developer keys, browser passwords, cryptocurrency wallet files, and VPN configurations. The attack was reported to Packagist and Aikido provides detection and prevention tools, including Aikido Safe Chain for intercepting package installations. |
| 2026-05-20 | GitHub breached via a malicious VS Code extension: why developer devices are the real target | Supply Chain | Overview of Aikido Device Protection, an on-device application security product that combats threats from trusted developer tooling like VS Code extensions. It features real-time malware blocking by checking against a live feed and a configurable minimum age policy, preventing installation of recently published or updated packages within a set timeframe. This approach protects against attacks like the compromised Nx Console extension and Durable Task Python SDK by enforcing security at the workstation, independent of network controls and beyond the scope of traditional EDR solutions. |
| 2026-05-20 | Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again! | Python | Versions 1.4.1, 1.4.2, and 1.4.3 of Microsoft's `durabletask` Python package on PyPI were compromised with a dropper that executes a sophisticated infostealer and worm. This payload targets credentials from cloud providers, password managers, and developer tools, propagating via SSM or kubectl in cloud environments. It also includes a destructive component triggered by specific system locales. The malware exfiltrates data encrypted with an RSA key and utilizes a GitHub-based dead-drop for command and control. |
| 2026-04-30 | Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer | Supply Chain | Writeup detailing "Mini Shai-Hulud," a Bun-based secret stealer targeting SAP npm packages like `@cap-js/sqlite`, `@cap-js/postgres`, `@cap-js/db-service`, and `mbt`. The malware uses a `preinstall` script to download and execute a credential stealer, harvesting GitHub tokens, npm tokens, cloud secrets from AWS, Azure, GCP, and Kubernetes, and exfiltrating encrypted results via public GitHub repositories. It propagates by injecting malicious code into other packages and commits. |
| 2026-04-29 | Bug bounty isnt dead but the old model is breaking | Bug Bounty | Analysis of the bug bounty model's evolution, discussing the impact of AI on report generation and validation costs, leading to programs like IBB pausing submissions and curl removing payouts. It highlights the shift from incentivized disclosure to expected disclosure, with a potential focus on more targeted rewards and better security outcomes rather than sheer report volume. |
| 2026-04-21 | Introducing Endpoint Protection: Security for Developer Devices | Supply Chain | Product announcement for protecting developer devices against software supply chain attacks. It prevents malicious package installs, IDE extensions, browser plug-ins, and AI skills by offering visibility into installed software, blocking threats before installation, enforcing package age policies, and enabling approval workflows. Built upon the open-source Safe Chain project and powered by the LLM-based Aikido Intel threat intelligence engine, it aims to secure developer workstations without hindering productivity, addressing vulnerabilities exemplified by the Shai-Hulud and Axios attacks. |
| 2026-04-17 | Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow | XSS | Writeup detailing three XSS vulnerabilities found in Mailcow, including a critical unauthenticated flaw affecting administrator accounts via Autodiscover logs (GHSA-f9xf-vc72-rcgm). Another XSS targets administrators through attachment filenames in the Quarantine feature (GHSA-2xjc-rg88-jvpp), and a Self-XSS in Login History is escalated via Login CSRF (GHSA-jprq-w83q-q62h). All issues have been fixed since version 2026-03b. |
| 2026-04-17 | IDOR Vulnerability Explained: Why IDOR Persists (Aikido) | IDOR | Explainer on Insecure Direct Object References (IDORs), a prevalent vulnerability in modern, API-driven applications. This resource details how IDORs manifest in practice, why traditional testing methods and DAST tools often miss them, and the limitations of static analysis in detecting these contextual authorization failures. It highlights that IDORs, also known as Broken Object Level Authorization (BOLA) in APIs, persist due to evolving system design and the assumption of ownership rather than revalidation, leading to potential data breaches and unauthorized modifications. |
| 2026-04-17 | Prisma and PostgreSQL vulnerable to NoSQL injection? (Aikido) | GraphQL | Vulnerability analysis demonstrating how Prisma ORM, even with PostgreSQL, is susceptible to operator injection, commonly known as NoSQL injection. This occurs when user input is passed to query functions supporting string-based operators, such as `findFirst`, `findMany`, `updateMany`, and `deleteMany`. The analysis highlights exploits and recommends prevention techniques including casting user input to primitive data types, implementing robust server-side validation with libraries like Zod, and keeping ORMs like Prisma and Sequelize updated to benefit from security fixes. |
| 2026-04-10 | Best Secret Scanning Tools in 2025 | Secrets | Roundup of tools for detecting hard-coded secrets in code, configurations, and cloud infrastructure. They use pattern recognition, entropy checks, and AI to identify sensitive data like API keys and passwords, aiming to prevent data breaches by automating detection and remediation. Notable features include context-aware detection correlating secrets with other vulnerabilities, one-click remediation for many secret types, and integration into developer workflows via IDE extensions and pre-commit hooks. The featured tool supports broad scanning across Git repositories, container images, and cloud environments, offering a free tier for basic use. |
| 2026-04-10 | n8n Critical Vulnerability (CVE-2026-21858): Unauthenticated RCE | RCE | Writeup of CVE-2026-21858, an unauthenticated RCE in n8n, allowing full compromise of locally deployed instances through arbitrary file access, authentication bypass, and command execution. Discovered by Cyera Research Labs and nicknamed 'Ni8mare', this vulnerability highlights automation platforms as high-impact attack surfaces. Remediation involves upgrading n8n, restricting exposure of Forms and Webhooks, and reviewing workflow configurations. |
| 2026-04-03 | Python Security Vulnerabilities \| Top Issues \| Aikido | Python | Guide to identifying and mitigating common Python security vulnerabilities. It details risks like arbitrary code execution via `eval()` and `exec()`, OS command injection through `subprocess` and `os.system`, and the dangers of hardcoded secrets. The guide emphasizes practical mitigation techniques, such as avoiding unsafe function usage, using argument lists with `subprocess`, and employing secure secret management practices. It highlights how SAST tools can detect these patterns early in development. |
| 2026-03-14 | Persistent XSS/RCE using WebSockets in Storybooks dev server | XSS | Writeup with JavaScript examples addressing CVE-2026-27148, a high-severity WebSocket hijacking vulnerability in Storybook's dev server. This vulnerability can lead to persistent Cross-Site Scripting (XSS) and Remote Code Execution (RCE) by allowing attackers to inject malicious code into story files. Exploitation can occur via publicly exposed dev servers or through a malicious webpage visited by a developer running a local instance, potentially compromising credentials, system access, and network resources, and even propagating through version control and CI/CD pipelines. |
| 2026-02-23 | Astro SSRF Vulnerability: Host Header Injection in SSR Error Pages (CVE-2026-25545) | SSRF | Advisory on the Astro SSRF vulnerability CVE-2026-25545, caused by Host header injection in SSR error pages. This vulnerability allows attackers to craft requests that trick the Astro server into fetching arbitrary internal URLs, potentially exposing sensitive data. Exploitation requires SSR mode, an unsanitized Host header, and a configured custom error page (like `404.astro`). Patched versions include astro@5.17.2, @astrojs/node@9.5.3, and astro@6.0.0-beta.11. |