Joined September 2022
456 Photos and videos
Pinned Post
Aikido Intel is your earliest warning for supply chain threats. Our engine detects malware and vulnerabilities in open-source ecosystems within minutes. Built by our team of security researchers & AI engineers. Bookmark it: intel.aikido.dev/
5
18
84
65,155
Aikido Security reposted
As soon as we saw this comment, @J0R1AN wrote a PoC for it Here it is: unauthenticated RCE on default phpBB instances
Hey, I've sent you an email before, ACP access can be trivially obtained because almost always on real forums you can just login as an admin in the main admin group with the founding role, create a new user account that you own, make it an admin (yes adding someone to a group does NOT need ACP), then you just login as your account and get into ACP since you know the password. IDK how you missed this one :)
2
2
23
3,520
On June 10th, we announced a critical auth bypass in phpBB, now CVE-2026-48611. Here's the technical followup with exploit scenarios and how to detect it. All it takes is one unauthenticated request to log in as any user, admin included, on a default phpBB install, no password required. Aikido Attack caught this on a routine run. We reported it June 2nd, and phpBB shipped a fix four days later in version 3.3.17. If you haven't upgraded yet, do it now.
2
4
23
17,369
Update: the phpBB bypass goes further than we thought. The account takeover chains into Administration Control Panel access, and on the 4.x branch, unauthenticated remote code execution. Video below 👇
2
7
1,686
Aikido Security reposted
Join us in Paris for the @daytonaio AI Builders Meetup this Tuesday, July 7, an official side event of @RaiseSummit, hosted by Daytona in partnership with @AikidoSecurity. 🇫🇷 Hear from speakers at @SambaNovaAI, @AikidoSecurity, @Replit, @alpic_ai, @CopilotKit, and @daytonaio as they share practical insights on AI agents, AI infrastructure, security, and the next generation of AI applications. Only a few spots remain. RSVP and find all the event details here: luma.com/ai-builders-paris See you there! 🚀
1
5
18
2,098
Aikido Security reposted
We found this crit a few weeks ago, tens of millions of users impacted across all phpBB forums. After 4 weeks, @J0R1AN is finally releasing the details in a blog post! aikido.dev/blog/authenticati… idk what's crazier, the 9 minutes triage or that this 1 req bug wasn't found for years
On June 10th, we announced a critical auth bypass in phpBB, now CVE-2026-48611. Here's the technical followup with exploit scenarios and how to detect it. All it takes is one unauthenticated request to log in as any user, admin included, on a default phpBB install, no password required. Aikido Attack caught this on a routine run. We reported it June 2nd, and phpBB shipped a fix four days later in version 3.3.17. If you haven't upgraded yet, do it now.
3
13
106
15,325
AI agents are writing code and pulling in dependencies without anyone reviewing them. That's the new normal. Last month, 141 packages in the Mastra ecosystem were compromised overnight. LLMs handed the keyboard to everyone. But in doing it, we moved the most dangerous decision in software to somewhere no human is looking.
3
1
12
1,348
Aikido Security reposted
aikido is 300 people big! they grow up so fast 🥹
💜 We officially hit 300 team members at Aikido. So this had to be done. If you haven't met Jarno, you have now -> aikido.dev/meetjarno
2
1
13
2,171
💜 We officially hit 300 team members at Aikido. So this had to be done. If you haven't met Jarno, you have now -> aikido.dev/meetjarno
2
2
16
3,846
Omnea ships code 70-80 times a day, more than 80% of it AI-generated, and stays secure with just one security engineer for 50 developers, using Aikido. Gavin Williams, Engineering Manager at Omnea, breaks down how Aikido makes that possible.
2
2
11
1,628
Aikido Security reposted
Thanks for keeping us safe Claude Fable 5!
294
332
6,730
469,489
Aikido Security reposted
One step closer to the dream of atomic rotations!
GitHub shipped bulk credential revocation for Enterprise. One action cuts off compromised credentials across the entire org during an active incident. Recent attacks have shown what happens when revocation is slow or incomplete. The Trivy compromise came back for a second round because the first cleanup left at least one credential alive. Incomplete rotation is what keeps attacks going after the initial breach.
2
6
2,080
Aikido Security reposted
Great conversations at last night's AI Leaders Dinner, co-hosted with our partners @infinum, @AikidoSecurity, @CoderHQ, and @ArizeAI. Now it's time for two more days at @aiDotEngineer! 🚀 Don't miss our CEO, @ivanburazin, speaking today at 11:40 AM: "Kubernetes Is Not Your Sandbox." See you there!
1
2
13
2,146
GitHub shipped bulk credential revocation for Enterprise. One action cuts off compromised credentials across the entire org during an active incident. Recent attacks have shown what happens when revocation is slow or incomplete. The Trivy compromise came back for a second round because the first cleanup left at least one credential alive. Incomplete rotation is what keeps attacks going after the initial breach.
2
4
21
9,495