A sophisticated supply-chain attack compromised the official xrpl NPM package: unauthorized versions of the package were published containing a backdoor that steals cryptocurrency private keys, affecting the many applications and websites that depend on it. Users are advised to check if they have used the compromised
Table of contents
New packages released
The mysterious code
What's the domain?
What does the code do?
Why so many version bumps?
Aikido Intel
Indicators of Compromise
Remediation