Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Building a More Secure Workplace Technology Environment

One weak password. One rushed click. One laptop left in a rideshare. That's all it can take to create a very real problem for your business. Strong workplace technology security is no longer just about locking down computers. It protects payroll, customer records, employee privacy, contracts, financial data, and the trust you've worked hard to earn.

How Aikido Intel detects malware and vulnerabilities first

TL;DR: Aikido Intel is a real-time supply chain intelligence feed. It detects both malware and vulnerabilities in open-source ecosystems. Aikido's world-class researchers maintain our LLM-powered pipeline to find malware and validate the most malicious cases by hand. The vulnerability detection system monitors package changes across ecosystems to catch and document vulnerabilities that don’t have CVEs assigned.

ClickFix Social Engineering is Now the Leading Malware Delivery Method

The ClickFix social engineering technique is now the top malware delivery method, according to a new report from ReliaQuest. These attacks trick users into copying a malicious command, then pasting it into a terminal and running it on their computers. “ClickFix remained the dominant delivery method this period and, for the first time, we observed it expand to macOS, delivering infostealers onto a platform many organizations still monitor less closely than Windows,” the researchers write.

Could your own AI agents run a ransomware attack?

Ransomware is evolving well beyond locking systems, and agentic AI is introducing a category of security risk most organizations are not yet equipped to handle. On The Cybersecurity Defenders Podcast, Behnaz Karimi, Senior Cybersecurity Analyst at Accenture and independent ransomware researcher, walks through what that shift actually looks like. The full conversation includes.

JADEPUFFER: How an Agentic Ransomware Attack Unfolded

In early July 2026, researchers at Sysdig published an analysis of what they assess to be the first documented case of agentic ransomware. The threat actor, which Sysdig calls JADEPUFFER, launched an extortion attack driven end to end by a large language model (LLM) rather than a conventional human-operated toolkit.

They Infiltrated the Infiltrators - And What They Found Was Unprecedented

Investigators have turned the tables on one of the world’s most elusive regimes. After a security firm hired a man calling himself "Joseph," a team of private investigators did what no one had done before: they infiltrated a North Korean remote worker cell from the inside. Head to our YouTube channel and watch the full episode of To Catch a Thief, Season 2.

LimeRat Malware: Delivery Techniques and Organizational Impact

Lime RAT stands out as an openly available and meticulously documented malware suite built on the.NET framework, boasting a multitude of capabilities that can be highly destructive when wielded proficiently. Its capacity to pilfer a wide array of valuable data, employ encryption for ransom purposes, or transform the targeted host into a basic-capability bot, combined with an easy-to-use control panel interface, positions it as a preferred choice for less experienced operators.

Threat Actor Uses Phishing to Breach Orgs for Ransomware Gangs

An initial access broker associated with the Payouts King ransomware group is using Microsoft Teams phishing to deploy a malicious Microsoft Edge web browser extension, according to researchers at Zscaler. Once the hackers have a foothold within an organization, they sell the access to the ransomware gang to conduct follow-on attacks.

Compromised @injectivelabs/sdk-ts exfiltrates wallet keys through fake telemetry

A malicious release of @injectivelabs/sdk-ts, an npm package that pulls around 50,000 weekly downloads, shipped code that records wallet mnemonics and private keys as they are derived and ships them to an attacker-controlled endpoint. The bad version, 1.20.21, was live on npm for under an hour on June 8, 2026 before the maintainer noticed and published a clean fix.