Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

TLDR: Aikido Security helps you to comply with the Cyber Resilience Act. We also help you to automate security policies and compliance checks for SOC2, ISO27001, CIS & NIS2. Here, we explain its importance of the Cyber Resilience Act and how Aikido helps you to comply with it.

Dear reader, This week has been a strange one. Over the past few months, we’ve seen a string of significant supply chain attacks. The community has been sounding the alarm for a while, and the truth is we’ve been skating on thin ice. It feels inevitable that something bigger, something worse, is coming. In this post, I want to share some of the key takeaways from this week.

The application security landscape is undergoing a profound transformation. Modern development practices, characterized by cloud-native architecture, microservices, and AI-assisted coding, have exponentially expanded the attack surface. In response, organizations are grappling with an overwhelming volume of vulnerabilities from a disconnected array of security tools. This alert fatigue makes it nearly impossible to distinguish real threats from noise.

Over night, starting at 01:16 UTC on September 9th, we were alerted to more packages being compromised, these included: These packages all had a new version 1.3.3 released (In the case of the wasm version, it was version 1.29.2), which contained the same malicious code as we saw in the compromise of packages with 2 billion+ downloads.

Saying that you’ll “shift left” is easy; it makes sense. After all, it’s obvious that preventing issues from happening should shift as far left as the IDE. Resolving issues at that stage gives you the best chance of being more secure. But before resolving an issue, you need to find it. Aikido has an IDE integration for reporting SAST findings immediately.

When the first cryptographically relevant quantum computer (CRQC) arrives, it won’t come with a press release. One day in the not too distant future, a nation-state, organized crime group or unhinged megalomaniac billionaire will quietly spin up the capability, and in eight hours or less, your TLS (Transport Layer Security) RSA-2048 encryption is gone. Like a hot knife through butter.