HackerTrans
TopNewTrendsCommentsPastAskShowJobs

advocatemack

no profile record

Submissions

Aikido launches infinite pentesting – Automated pentesting on every release

aikido.dev
11 points·by advocatemack·5 mesi fa·0 comments

AI Agents discovered a cache deception bug affecting SvelteKit on Vercel

aikido.dev
2 points·by advocatemack·5 mesi fa·0 comments

Prompt injection through GitHub Action workflow impacts Gemini and others

aikido.dev
4 points·by advocatemack·7 mesi fa·1 comments

comments

advocatemack
·10 mesi fa·discuss
You can also use tools like safe-chain which connects to malware databases and blocks installations of malicious packages. In this case it would have blocked installs around 20 minutes after the malware was added as this was how long it took to be added into the malware databases. https://www.npmjs.com/package/@aikidosec/safe-chain
advocatemack
·10 mesi fa·discuss
Mackenzie here I work for Aikido. This is a classic example of the security community all playing a part. The very first notice of this was from a developer named Daniel Pereira. He alerted Socket who did the first review of the Malware and discovered 40 packages. After, Aikido discovered an additional 147 packages and the Crowdstrike packages. I'm not sure how Step found it but they were the first to really understand the malware and that it was a self replicating worm. So multiple parties all playing a part kinda independent. Its pretty cool