Felix Garriau (@flxg)'s Twitter Profile

Felix Garriau
@flxg

Helping devs efficiently secure their code & cloud | 🚀 CMO & Cofounder @aikidosecurity | AppSec | Marketing | Growth

ID: 25268300
Link: http://aikido.dev
Joined: 19-03-2009 10:44:09

125 Tweets
643 Followers
839 Following

OpenAlternative (@ossalternative):

🚀 Just published: Opengrep — Open-source code security engine for developers. Opengrep is a fork of SemgrepCS, providing accessible static code analysis and security scanning for developers. openalternative.co/opengrep

Aikido Security (@aikidosecurity):

Aikido IDE plugins are getting major upgrades. Last week VS Code, this week IntelliJ IDEA, a JetBrains IDE. As of today, the Aikido JetBrains IDE plug-in is powered by Opengrep – secure your code as fast as it's written. ⚡️ Up to 10x faster for most repos – quick start, results in 0.5 seconds ⚡️

Aikido Security (@aikidosecurity):

tj-actions GitHub Action was hacked 🚨 If your repo uses tj-actions/changed-files, your secrets may be compromised (AWS keys, GitHub tokens, etc.). Our advocate Mackenzie Jackson - made a quick tl;dr video to cover:
🔹 What happened
🔹 How to check if you're affected
🔹 What to do

Aikido Security (@aikidosecurity):

Gergely Orosz we have an in-app firewall you can install to block: aikido.dev/zen

- block bot traffic (granularity), incl different types of AI crawlers
- set api rate limiting, etc

At this point AI traffic mimics DDOS attacks & engineers lack the tools to stop it, so we’re

Aikido Security (@aikidosecurity):

do you love Lovable - and want to love it a bit more?

Join for the 101 on all things security.

• what actually matters in app security
• how to build safely with AI, from the start
• security checklists & (free) tools to secure your app
• we'll answer top

Aikido Security (@aikidosecurity):

🚨 We have discovered a backdoor in the official #xrpl NPM package. This backdoor steals private keys and sends them to attackers. The affected versions are 4.2.1 - 4.2.4; if you are using an earlier version, do not upgrade.
#crypto #malware #npm

Mackenzie Jackson - (@advocatemack):

So #XRPL just had a backdoor put in the official #NPMjs package.

The backdoor steals XRP private keys and sends them to the attackers' C2 server, allowing them to steal cryptocurrency.

As this is the official XRP package, it is likely all major exchanges are using it!

XRP Ledger Foundation (Official) (@xrplf):

Earlier today, a security researcher from Aikido Security identified a serious vulnerability in the xrpl npm package (v4.2.1-4.2.4 and v2.14.2). We are aware of the issue and are actively working on a fix. A detailed post-mortem will follow.

Mackenzie Jackson - (@advocatemack):

👾 #XRP hack breakdown: xrpl NPM package injected with key-stealing malware. Versions 4.2.4–2.14.2 hit. Compromised via dev NPM access token. Caught early by Aikido Security. Sign & verify your releases, folks! 🛡️ #InfoSec #SupplyChainAttack #xrpl

Opengrep (@opengrep):

opengrep 1.2.0 & 1.1.2 update 🫡 ft. C#, Windows, benchmarking, & more. Another week, more releases. Especially recommended to upgrade asap to 1.2.1 if you scan C# code! Here's the breakdown 👇

Aikido Security (@aikidosecurity):

🚨 We just detected a new supply chain attack in rand-user-agent
The JS package rand-user-agent has been compromised via NPM.
The 3 latest versions contain a RAT 🐀, Remote Access Trojan, which is particularly nasty.
See our

Aikido Security (@aikidosecurity):

hard launching Container AutoFix today 🔥 huge for devs wasting days on manual container upgrades. fix vulnerable images automatically — with Aikido AI. break the fix>rebuild>break cycle in seconds - try it out 👀

Charlie Eriksen (@charlieeriksen):

This was a fun set of packages to track, where they used a rather novel set of techniques for their attack. aikido.dev/blog/youre-inv…

Aikido Security (@aikidosecurity):

Upgrading & fixing vulnerabilities in your containers can take hours of work. Using agentic LLMs, Aikido turns that into minutes.

Aikido Security (@aikidosecurity):

🚨 New: Automatic Changelog Analysis for Open-Source Dependencies
Before: ⏱️ waste 15 minutes scanning changelogs, comparing versions, assessing upgrade impact.
Now: ⚡ 10 seconds with Aikido.
• See breaking changes instantly
• Upgrade versions in 1 click
Don’t break your

Aikido Security (@aikidosecurity):

Introducing Aikido AI Cloud Search 🌩️ ⚡ Go from question to insight, fast. Identify & correlate real risk in seconds, whether you want to identify exposed databases, overly permissive IAM roles... Just describe what you’re looking for, like “Give me all VMs with CVE-2025-32433