get the free IDE extension for @cursor_ai @windsurf_ai @code: https://t.co/JhbiOAUd7C

We are in contact with the maintainers, so far none are sure on how their accounts were compromised and the attackers seemed to be able to bypass 2FA

We are still evaluating the malware but the attackers used the technique of hiding the malware with Unicode PUA Characters so they are invisible to most text editors.

At this stage only extensions on the OpenVSX marketplace are impacted not the offical VS Code Marketplace

🚨 Several VS-Code Extensions have been turned malicious 👾 The impacted extensions are: codejoy/codejoy-vscode-extension@1.8.3, 1.8.4 ginfuru/better-nunjucks@0.3.2 JSearcy/rust-doc-viewer@4.2.1 kleinesfilmroellchen/serenity-dsl-syntaxhighlight@0.3.2

📢 New podcast! Listen in to our latest episode where we speak with Khachatur Virabyan from Aikido Security about why code quality and security should be addressed together. https://t.co/XchlucxmLz

and if you haven't already... meet jarno:

Do you love purple gradients & shipping fast? Join us. https://t.co/yUJ6TH0jyi

Roles still open: 19 (More to come... Say it with me: always 👏 be 👏recruiting👏 )

We welcomed 51 new team members in Q3 • Avg. time to hire: 19 days • Avg. time to start: 15 days

Seems a lot of people wanted to meet Jarno. This month marked an ATM in traffic & applications to join Aikido. Who doesn't love charts that go up & to the right 🫦🫦 Some talent stats 👇

https://t.co/feoCoBqKgc

with great power comes great responsibility

try that search again on npm

gm

beep beep

Get early access →

Breaking: Allseek and @haicker_app are joining Aikido Together we’re launching Aikido Attack, autonomous pentests that think like hackers and run in hours, not weeks. What this means for security teams: • Launch full pentests in hours, not weeks • Agents that

Did you catch the premiere? → https://t.co/feoCoBqcqE

Here are a few places where Jarno does interviews, the rest are better left offline. But you can always meet him and ask -> https://t.co/feoCoBqcqE

There's been several historic npm package compromises in the news lately > Sep 8th 18 packages, crypto theft > Sep 16th 180+ packages, worm that steals credentials Mackenzie from @AikidoSecurity explains why SCA is relevant to AI Agents and how you can keep your company safe