Your earliest warning for supply chain threats
Aikido Intel is the real-time supply chain intelligence feed. We detect malware and vulnerabilities in open-source ecosystems within minutes.
Latest Publications
Subscribe to hear about
critical security incidents
We'll send you updates on incidents as and when they happen
Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer
Compromised SAP npm packages use a Bun-based preinstall payload to steal GitHub, npm, cloud, and CI secrets, then spread via GitHub using OhNoWhatsGoingOnWithGitHub.
Someone published four versions of a fake "tanstack" package in 27 minutes to steal your .env files
A fake "tanstack" npm package published four malicious versions in 27 minutes today, exfiltrating .env files via a postinstall hook. Here's what happened, who was affected, and how to rotate your credentials.
Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm
Malware found in @bitwarden/cli v2026.4.0 steals SSH keys, cloud secrets, and AI coding tool credentials, then spreads through victims' own npm packages. Inside: a worm calling itself "Shai-Hulud: The Third Coming."
Our Intel, Your Security
License the Intel Database
Use our threat intelligence to strengthen your internal security operations. Get access through our commercial API.
Protect Developer Devices
Block malicious packages, IDE extensions, browser plugins, and AI tools before install.
Secure Your Supply Chain
Secure third-party dependencies, identify real threats, remediate automatically with Aikido.
Get Secure Now
Secure your code, cloud, and runtime environments in one central system. Find and fix vulnerabilities automatically.
No credit card required | Scan results in 32secs.
SOC 2Compliant
ISO 27001Compliant