aikido | no bullsh*t security for devs
@aikidosecurity.bsky.social
470 followers 270 following 90 posts
No bullsh*t security for devs. Secure code, cloud, and runtime in one central system. fix issues automatically. Get back to building. 🔗 aikido.dev
aikidosecurity.bsky.social
Breaking: Allseek and Haicker are joining Aikido

Together we’re launching Aikido Attack, autonomous pentests that think like hackers and run in hours, not weeks.

We’re entering a new chapter in pentesting and we’re excited to have the teams from Allseek and Haicker with us on this journey.
aikidosecurity.bsky.social
Here are a few places where Jarno does interviews, the rest are better left offline. But you can always meet him and ask -> aikido.dev/meetjarno
aikidosecurity.bsky.social
How did we scale from 30 to 140 team members in a year? Simple.
Always be recruiting.

Have you met Jarno? → aikido.dev/meetjarno
Reposted by aikido | no bullsh*t security for devs
fmerian.com
#1 Product of the Day, #3 Developer Tool of the Week.

Crushed it.
aikidosecurity.bsky.social
Secure everything you build, host, and run. Aikido now launching at #1 on Product Hunt 🔥

Please upvote here → www.producthunt.com/products/aik...
aikidosecurity.bsky.social
tHe biGGesT sUpplY cHaiN atTAck iN hISTory!!!!!11

safe chain stars went brrr
Free to use. Open source.
Reposted by aikido | no bullsh*t security for devs
briankrebs.infosec.exchange.ap.brid.gy
New, from me:

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The […]

[Original post on infosec.exchange]
A phishing message tied to the newly registered phishing domain npmjs[.]help, which is a TLD away from NPM's real login page, npmjs.com.

npm <support@npmjs.help> 08:47 (55 minutes ago)
to marsup

Hi, marsup!

As part of our ongoing commitment to account security, we are requesting that all users update their Two-Factor Authentication (2FA) credentials. Our records indicate that it has been over 12 months since your last 2FA update.

To maintain the security and integrity of your account, we kindly ask that you complete this update at your earliest convenience. Please note that accounts with outdated 2FA credentials will be temporarily locked starting September 10, 2025, to prevent unauthorized access.

Update 2FA Now

If you have any questions or require assistance, our support team is available to help. You may contact us through this link.

Preferences - Terms - Privacy - Sign in to npm
aikidosecurity.bsky.social
Le maintainer: “I’ve been pwned. Sorry everyone, very embarrassing.”

Brian Krebs covered the npm supply chain compromise, featuring insights from our own @charlieeriksen.bsky.social, who broke the news.

Full article → krebsonsecurity.com/2025/09/18-p...
aikidosecurity.bsky.social
MAINTAINER UPDATE: The maintainer of debug & chalk has taken down the packages and locked down his account; some packages remain affected.

The phishing email used to target debug/chalk was 'support [at] npmjs [dot] help'
aikidosecurity.bsky.social
Update! The goal of the attacker is crypto.
aikidosecurity.bsky.social
with a combined 2 billion weekly downloads, this is one of the largest supply chain attacks in npm history
aikidosecurity.bsky.social
• supports-color (287.1m downloads per week)
• strip-ansi (261.17m downloads per week)
• chalk (299.99m downloads per week)
• debug (357.6m downloads per week)
• ansi-styles (371.41m downloads per week)
aikidosecurity.bsky.social
• error-ex (47.17m downloads per week)
• color-name (191.71m downloads per week)
• is-arrayish (73.8m downloads per week)
• slice-ansi (59.8m downloads per week)
• color-convert (193.5m downloads per week)
• wrap-ansi (197.99m downloads per week)
• ansi-regex (243.64m downloads per week)
aikidosecurity.bsky.social
• backslash (0.26m downloads per week)
• chalk-template (3.9m downloads per week)
• supports-hyperlinks (19.2m downloads per week)
• has-ansi (12.1m downloads per week)
• simple-swizzle (26.26m downloads per week)
• color-string (27.48m downloads per week)
aikidosecurity.bsky.social
UPDATE: A massive supply-chain compromise has affected packages with over 2 billion weekly downloads owned by the popular maintainer qix

These include:
• ansi-regex (243.64m downloads per week)
• supports-color (287.1m downloads per week)
• strip-ansi (261.17m downloads per week)
aikidosecurity.bsky.social
🚨URGENT: A series of popular packages maintained by qix have just been compromised.

Compromised packages include:
• has-ansi - 12 million weekly downloads - v6.0.1
• supports-hyperlinks - 19m weekly downloads - v4.1.1
• chalk-template - 3.9m weekly downloads - v1.1.1
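Added example (not code from Aikido or from any post above): a Python check that walks the JSON tree printed by npm ls --all --json and flags installs of the three compromised versions the post names. The package/version map and the sample tree are constructed here; extend the map from the full advisory.

```python
import json

# Compromised versions named in the post above (the only three the post
# gives a version for); constructed map, extend it from the full advisory.
COMPROMISED = {
    "has-ansi": {"6.0.1"},
    "supports-hyperlinks": {"4.1.1"},
    "chalk-template": {"1.1.1"},
}


def walk(tree, path=()):
    """Yield (path, name, version) for every node of an `npm ls --json` tree."""
    for name, node in tree.get("dependencies", {}).items():
        yield path + (name,), name, node.get("version")
        # Recurse into transitive dependencies so nested installs are found too.
        yield from walk(node, path + (name,))


def find_compromised(tree, compromised=COMPROMISED):
    """Return sorted 'parent > ... > pkg@version' strings for every hit."""
    hits = set()
    for path, name, version in walk(tree):
        if version in compromised.get(name, ()):
            hits.add(" > ".join(path[:-1] + (f"{name}@{version}",)))
    return sorted(hits)


# Constructed sample of `npm ls --all --json` output (not real project data):
# one direct hit, one transitive hit, and one safe version of a listed package.
SAMPLE = json.loads("""
{"name": "demo", "version": "1.0.0", "dependencies": {
  "chalk-template": {"version": "1.1.1", "dependencies": {
     "chalk": {"version": "5.3.0"}}},
  "supports-hyperlinks": {"version": "3.1.0"},
  "some-cli": {"version": "2.0.0", "dependencies": {
     "has-ansi": {"version": "6.0.1"}}}
}}
""")

if __name__ == "__main__":
    for hit in find_compromised(SAMPLE):
        print("compromised:", hit)
```

On a real project, pipe npm ls --all --json into json.load and pass the result to find_compromised.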
aikidosecurity.bsky.social
In Khachatur’s words: “We didn’t make cars smaller so they could squeeze between trees, we built roads so we could drive them everywhere. AI code generation is the car. Together, we’re building the road.”
aikidosecurity.bsky.social
Happening this Thursday ❤️‍🔥
We’re back with the next edition of ~all vibes /no vulns.

Hosted by our own Mackenzie Jackson, with special guests Igor A. (CISO @ Lovable) and Bil Harmer (CISO @ Supabase).

Together we’ll build, hack, and secure an app in real time.

Join us → luma.com/lovablexaiki...
aikidosecurity.bsky.social
The wait is over. Aikido Code Quality is live.

Our favorite part? Roast mode. 🥵
Activate at your own risk → aikido.dev/quality
aikidosecurity.bsky.social
A clean version has since been published 21.4.1

• Check if you use this project: npm ls nx
• Uninstall any malicious versions: npm uninstall nx && npm install nx@latest
• Clear cache; rotate creds and tokens.

Full advisory - www.aikido.dev/blog/popular...
Popular nx packages compromised on npm
The popular nx package on npm was compromised, and stolen data was published on GitHub publicly
www.aikido.dev