Aikido Security
2,129 posts
Aikido Security
@AikidoSecurity
Secure everything devs build, ship & run. 🌐 aikido.dev ⭐️ github.com/AikidoSec Get developers back to building.
San Francisco, CA
aikido.dev
Joined September 2022
1,171 Following
11.8K Followers
  • Pinned
    Aikido Security
    @AikidoSecurity
    May 14
    Aikido Intel is your earliest warning for supply chain threats. Our engine detects malware and vulnerabilities in open-source ecosystems within minutes. Built by our team of security researchers & AI engineers. Bookmark it: intel.aikido.dev
    63K
  • Aikido Security
    @AikidoSecurity
    14h
    ⚡️ Betterleaks v1.6.0 is here. Faster startup, lower cold-scan overhead, smaller runtime. - CEL replaced with Expr for filtering and validation. Existing CEL-shaped configs remain supported, but new configs should use Expr syntax. - Much faster cold starts by lazily
    896
    Aikido Security
    @AikidoSecurity
    14h
    Release v1.6.0 · betterleaks/betterleaks
    From github.com
    356
  • Aikido Security
    @AikidoSecurity
    15h
    npm now freezes high-impact accounts for 72 hours after sensitive actions like an email swap or 2FA recovery code use. It's a direct response to the axios and Mastra attacks. Changing the account email is how attackers cut off the real owner's recovery path. Now npm catches it.
    1.1K
    Aikido Security
    @AikidoSecurity
    15h
    npm now freezes high-impact accounts after risky account changes
    From aikido.dev
    248
  • Aikido Security
    @AikidoSecurity
    17h
    Ramen Club is coming to @BlackHatEvents soon 🍜👀
    596
  • Aikido Security reposted
    Charles Maddock
    Strawberry
    @charles_maddock
    Jun 27
    New LLM benchmark just dropped
    655K
  • Aikido Security
    @AikidoSecurity
    Jun 26
    ❗Miasma hit the @ImmobiliareLabs Backstage LDAP auth and GitLab backend plugins today via GitHub Actions. Auth plugins are a big target for a credential-stealing worm. The affected packages appear to include: - immobiliarelabs/backstage-plugin-ldap-auth-backend -
    1.1K
  • Aikido Security reposted
    Charlie Eriksen
    Aikido Security
    @CharlieEriksen
    Jun 26
    We just observed a surge in exfil repos occurring alongside several packages within the scope of @ImmobiliareLabs being compromised with a wormy boy. Stay vigilant out there in the heat!
    3.8K
  • Aikido Security
    @AikidoSecurity
    Jun 26
    Article
    June 2026 Newsletter: Fable's visit, npm improvements, and malware in the JetBrains Marketplace
    Hello friends, Second edition of our newsletter (first one on X), and we first need to address the AI-lephant in the room. Anthropic dropped Fable a couple weeks ago, and just like that, it was gone....
    1.9K
  • Aikido Security
    @AikidoSecurity
    Jun 26
    Aikido now blocks malware in Composer by default, part of how Packagist is fixing PHP supply chain security one step at a time. On Composer 2.10+, any install, update, or require command will automatically skip package versions Aikido has flagged as malicious.
    1.3K
    Aikido Security
    @AikidoSecurity
    Jun 26
    Packagist is now protected by Aikido Intel and other updates to the PHP registry
    From aikido.dev
    354
  • Aikido Security
    @AikidoSecurity
    Jun 25
    GitHub shipped actions/checkout v7, which now blocks pwn request patterns by default in pull_request_target workflows. Many recent supply chain attacks, like the S1ngularity and Shai-Hulud campaigns, exploited pwn requests. While you can still override the default, it's
    2.7K
    Aikido Security
    @AikidoSecurity
    Jun 25
    Security Checklist for GitHub Actions
    From aikido.dev
    352
  • Aikido Security
    @AikidoSecurity
    Jun 24
    🔥 JUST DROPPED: State of AI in Pentesting 2026 Software is shipping faster than testing can keep up. We surveyed 400 CISOs, CTOs, and senior engineering leaders across Europe and the US to understand how AI is changing security testing. Key findings: • 76% deploy significant
    2.6K
    Aikido Security
    @AikidoSecurity
    Jun 24
    Get the full report:
    State of AI in Pentesting 2026 | Aikido
    From aikido.dev
    367
  • Aikido Security reposted
    Docker
    @Docker
    Jun 24
    The expo floor closes. Time for the AI conversations you won't find on stage. If you're at AI Engineer World's Fair, join Docker, @Tailscale, @AikidoSecurity, @inngest, and @rootlyhq for drinks, darts, and good company. 📍 Golden Eye Social, SF 🕕 July 1, 6PM Register →
    6.2K
  • Aikido Security
    @AikidoSecurity
    Jun 23
    npm recently added staged publishing, but maintainers still can't see what's inside the package they're approving. We're partnering with Drydock.org so maintainers see exactly what's inside a package before approving it. Catch it before it ships, not after.
    2.2K
    Aikido Security
    @AikidoSecurity
    Jun 23
    More here:
    Aikido Partners with Drydock to Bring Pre-Publish Malware Review to npm and PyPI
    From aikido.dev
    306
