Aikido Security

We're #hiring a new Partnerships & Business Development Manager in San Francisco Bay Area. Apply today or share this post with your network.

We're #hiring a new Developer Relations (DevRel) in San Francisco Bay Area. Apply today or share this post with your network.

We set up a local Mailcow instance, ran Aikido Attack against it, and found three XSS vulnerabilities, including one that let unauthenticated attackers take over administrator accounts just by sending a crafted request that ends up in the logs. The third vulnerability was technically interesting! It's a Self-XSS with no real impact on its own, until you chain it with a Cross-Site Request Forgery (CSRF). Force a victim's browser to log into the attacker's account, and suddenly an attacker can read their emails from across origins... in just two clicks! All three have been patched as of version 2026-03b. Full breakdown on the blog: https://lnkd.in/getHgb7s

It’s the end of my first week at Aikido Security and it’s been the best. My swag is slowly arriving, the only scans campaign was one of the reasons I applied! Looking forward to meeting my colleagues in Belgium next week ✈️ I have a few roles open across sales and marketing, check them out here or drop me a message if you are thinking of making a move 👌🏻 https://lnkd.in/e6TuYCib

Secrets get hardcoded into AI-generated code, developers override the warning when the assistant flags it, and then they move on and forget about it. It happens more than anyone wants to admit. Zach Rice built Betterleaks to catch what slips through anyway. Open source, fast, easily configurable, and designed to fit directly into agentic workflows. The goal was simple: build the best open source secrets scanner. The New Stack covered the full story: https://lnkd.in/gaqbj5N8

95 repositories. 31 container registries. 9 cloud environments. One unified security platform that ties it all together. HeyJobs replaced a scattered stack of tools with Aikido Security, giving their developers clear, actionable insights they can implement immediately. ⚡️ Here's how they did it -> https://lnkd.in/gbKzWyyV

We're #hiring a new Solutions Engineer (Pre-Sales) US in Chicago, Illinois. Apply today or share this post with your network.

NIST announced it'll no longer enrich all CVEs in the NVD. If your security tooling depends on NVD data, it just got a lot less complete. We launched Aikido Intel in January 2024 because we already knew vulnerability databases alone couldn't keep up. Two years and 2,000+ discovered vulnerabilities later, the gap is only getting wider. Intel is open-source and monitors 4.3M packages. It doesn't wait for a CVE to be filed. More on what the NIST changes mean and what comes next: https://lnkd.in/gHQBGsA7

👾 Aikido Intel Weekly (Malware): In the last 7 days, we detected 14,610 malware alerts across open-source packages in npm, PyPI, GitHub Actions, and 12 more ecosystems. Your earliest warning for supply chain threats → https://lnkd.in/grUzwc-P Protect yourself from malicious packages upon install with Safe Chain (free & open source) → https://lnkd.in/dgRRrt9g

We're #hiring a new Partnerships & Business Development Manager US in San Francisco, California. Apply today or share this post with your network.