Aikido
Coverage of Aikido in the Nexus archive.
- Aikido Code Audit
Aikido has introduced a code audit tool designed to identify complex vulnerabilities hidden in codebases. The article is discussed on Hacker News with 13 points and 4 comments.
- Dozens of Red Hat packages backdoored through its official NPM channel
Red Hat's official NPM accounts were compromised to distribute malicious packages stealing credentials. Over 30 packages were affected in a supply-chain attack identified by security firm Aikido.
- Threat hunters find Google API keys still usable 23 minutes after deletion
Security researchers at Aikido discovered that Google API keys remain usable for up to 23 minutes after deletion, creating a significant vulnerability window for attackers. When combined with Google's automatic billing tier upgrades, compromised keys can lead to devastating financial charges as bad actors exploit Gemini and other services before the credentials are fully revoked across Google's infrastructure.