Powered by AI + Aikido Research TeamAikido Threat Intelligence
Your earliest warning for supply chain threats. We expose malware and vulnerabilities in open-source ecosystems, within minutes.
Latest Publications
Subscribe to hear about
critical security incidents
We'll send you updates on incidents as and when they happen
Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm
Malware found in @bitwarden/cli v2026.4.0 steals SSH keys, cloud secrets, and AI coding tool credentials, then spreads through victims' own npm packages. Inside: a worm calling itself "Shai-Hulud: The Third Coming."
GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays
A newly discovered npm and PyPI malware campaign installs hidden LLM proxies on compromised servers, turning them into relay nodes for LLM traffic.
Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow
Aikido's AI pentest agent found three XSS vulnerabilities in Mailcow, one of which let unauthenticated attackers take over administrator accounts. All issues have been patched as of version 2026-03b.
Our Intel, Your Security
Open Source
Aikido Intel is available under AGPL license, developers may freely use, modify, and distribute the vulnerability & malware feed.
License the Intel Database
Want to integrate our threat intelligence into your product? Get access through our commercial API.
Get Secure Now
Secure your code, cloud, and runtime environments in one central system. Find and fix vulnerabilities automatically.
Get Secure Now
Secure your code, cloud, and runtime environments in one central system. Find and fix vulnerabilities automatically.
No credit card required | Scan results in 32secs.
SOC 2Compliant
ISO 27001Compliant