Aikido
Start for Free
No CC required

Vulnerabilities & Threats

Subscribe to hear about critical security incidents

We'll send you updates on incidents as and when they happen
Featured
April 23, 2026

Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm

Malware found in @bitwarden/cli v2026.4.0 steals SSH keys, cloud secrets, and AI coding tool credentials, then spreads through victims' own npm packages. Inside: a worm calling itself "Shai-Hulud: The Third Coming."

#Malware

April 22, 2026

GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays

A newly discovered npm and PyPI malware campaign installs hidden LLM proxies on compromised servers, turning them into relay nodes for LLM traffic.

#Malware

April 8, 2026

GlassWorm goes native: New Zig dropper infects every IDE on your machine

GlassWorm deploys a Zig-based native dropper hidden within a fake extension, silently compromising VS Code, Cursor, VSCodium, and other IDEs.

#Malware

Subscribe to our newsletter.
No spam, guaranteed.

Pypi
Aikido Zen
IDOR vulnerabilities
IDE Security
Announcements
European Cyber Security
Continuous Pentesting
AI Safety
Self-securing Software
SSDLC
VS Code
AI Penetration Testing
Threat Modeling
Cyber Resilience Act
Triaging
AutoTriage
Pentesting
Bazel
Code Quality
OWASP
NIS2
Legaltech
fintech
RASP
End of Life
SQL Injections
DAST
cnapp
cspm
aspm
Infrastructure as a Code IaC
Network Security Monitoring
License Scanners
SBOM
Container Scanning
AppSec
Vulnerabilities
Software Supply Chain Security
API
Dependencies
Continuous Security Monitoring
DevSecOps
Vibe Coding
AI
NPM
autofix
Malware
Article
open-source
SCA
intel
SOC 2
usecase
Tools
SAST
Compliance
CircleCI
Codeship
IMDSv2
Cloud
IMDSv1
SSRF
AWS
April 23, 2026

Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm

Malware found in @bitwarden/cli v2026.4.0 steals SSH keys, cloud secrets, and AI coding tool credentials, then spreads through victims' own npm packages. Inside: a worm calling itself "Shai-Hulud: The Third Coming."

Tags/

#Malware

April 22, 2026

GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays

A newly discovered npm and PyPI malware campaign installs hidden LLM proxies on compromised servers, turning them into relay nodes for LLM traffic.

Tags/

#Malware

April 17, 2026

Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow

Aikido's AI pentest agent found three XSS vulnerabilities in Mailcow, one of which let unauthenticated attackers take over administrator accounts. All issues have been patched as of version 2026-03b.

Tags/

#Vulnerabilities

#open-source

April 14, 2026

Axios CVE-2026-40175: a critical bug that’s… not exploitable

Axios CVE-2026-40175 is rated critical, but in real Node.js environments it’s not practically exploitable. Here’s why.

Tags/
No items found.
April 8, 2026

GlassWorm goes native: New Zig dropper infects every IDE on your machine

GlassWorm deploys a Zig-based native dropper hidden within a fake extension, silently compromising VS Code, Cursor, VSCodium, and other IDEs.

Tags/

#Malware

April 8, 2026

Aikido Attack finds multiple 0-days in Hoppscotch

Aikido’s AI pentesting agents discovered multiple high-severity vulnerabilities in Hoppscotch, including account takeover, stored XSS, and access control flaws. All issues are now patched.

Tags/

#Malware

#AI Penetration Testing

#open-source

March 30, 2026

axios compromised on npm: maintainer account hijacked, RAT deployed

Malicious axios versions 1.14.1 and 0.30.4 were published via a hijacked maintainer account. A hidden dependency deploys a cross-platform RAT. Check if you are affected and remediate now.

Tags/

#Malware

March 27, 2026

Popular telnyx package compromised on PyPI by TeamPCP

The popular telnyx packageon PyPI, used by big AI companies, has been compromised by TeamPCP

Tags/

#Malware

#Pypi

March 22, 2026

CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran

CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran

Tags/

#NPM

#Malware

March 20, 2026

TeamPCP deploys CanisterWorm on NPM following Trivy compromise

TeamPCP deploys CanisterWorm on NPM following Trivy compromise

Tags/

#NPM

#Malware

March 18, 2026

GlassWorm Hides a RAT Inside a Malicious Chrome Extension

GlassWorm deploys a multi-stage RAT that force-installs a malicious Chrome extension to log keystrokes, steal cookies, and exfiltrate data via Solana-based C2.

Tags/

#Malware

March 18, 2026

fast-draft Open VSX Extension Compromised by BlokTrooper

The fast-draft Open VSX extension was compromised to deploy a BlokTrooper RAT and infostealer via GitHub-hosted payloads. Multiple malicious versions identified.

Tags/

#Malware

#open-source

Vulnerabilities & Threats

Cut through the noise with real-world CVE breakdowns, malware analysis, exploits, and emerging risks.

See all

News

Our perspective on the stories shaping software security right now

See all

Customer Stories

See how teams like yours are using Aikido to simplify security and ship with confidence.

See all

Product & Company Updates

What’s new at Aikido—from product launches to big security wins.

See all

Guides & Best Practices

Actionable tips, security workflows, and how-to guides to help you ship safer code faster.

See all

Compliance

Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.

See all

Get secure now

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start Scanning
No CC required
Book a demo
No credit card required | Scan results in 32secs.