惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Check Point Blog
S
Schneier on Security
P
Privacy & Cybersecurity Law Blog
S
Security @ Cisco Blogs
W
WeLiveSecurity
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Microsoft Azure Blog
Microsoft Azure Blog
NISL@THU
NISL@THU
T
Troy Hunt's Blog
L
LangChain Blog
L
LINUX DO - 最新话题
T
The Exploit Database - CXSecurity.com
Engineering at Meta
Engineering at Meta
N
News and Events Feed by Topic
A
About on SuperTechFans
N
Netflix TechBlog - Medium
P
Proofpoint News Feed
MyScale Blog
MyScale Blog
Martin Fowler
Martin Fowler
Y
Y Combinator Blog
H
Heimdal Security Blog
aimingoo的专栏
aimingoo的专栏
T
Threat Research - Cisco Blogs
SecWiki News
SecWiki News
Microsoft Security Blog
Microsoft Security Blog
T
Tenable Blog
P
Proofpoint News Feed
H
Hacker News: Front Page
G
GRAHAM CLULEY
I
Intezer
V
V2EX
S
Secure Thoughts
Stack Overflow Blog
Stack Overflow Blog
H
Help Net Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
人人都是产品经理
人人都是产品经理
博客园 - 聂微东
Latest news
Latest news
Recent Announcements
Recent Announcements
Hugging Face - Blog
Hugging Face - Blog
腾讯CDC
博客园_首页
Webroot Blog
Webroot Blog
博客园 - 三生石上(FineUI控件)
AI
AI
N
News | PayPal Newsroom
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
B
Blog RSS Feed
美团技术团队

Aikido Security's Blog

GlassWorm goes native: New Zig dropper infects every IDE on your machine Aikido Attack finds multiple 0-days in Hoppscotch The cybersecurity doomerism around Mythos doesn't match what we see on the ground axios compromised on npm: maintainer account hijacked, RAT deployed Popular telnyx package compromised on PyPI by TeamPCP Aikido × Lovable: Vibe, Fix, Ship CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran TeamPCP deploys CanisterWorm on NPM following Trivy compromise Security testing is validating software that no longer exists Aikido Recognized by Frost & Sullivan with the 2026 Customer Value Leadership Award in ASPM GlassWorm Hides a RAT Inside a Malicious Chrome Extension fast-draft Open VSX Extension Compromised by BlokTrooper Glassworm Strikes Popular React Native Phone Number Packages Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories How Security Teams Fight Back Against AI-Powered Hackers Introducing Betterleaks, an open source secrets scanner by the author of Gitleaks Trump’s 2026 cybersecurity strategy: From compliance to consequence How does AI pentesting work with compliance? What continuous pentesting actually requires Rare Not Random: Using Token Efficiency for Secrets Scanning Persistent XSS/RCE using WebSockets in Storybook’s dev server Why Determinism Is Still a Necessity in Security WAF vs. RASP vs. ADR Introducing Aikido Infinite: A new model of self-securing software How Aikido secures AI pentesting agents by design Astro Full-Read SSRF via Host Header Injection How to Get Your Board to Care About Security (Before a Breach Forces the Issue) What is Slopsquatting? The AI Package Hallucination Attack Already Happening SvelteSpill: A Cache Deception Bug in SvelteKit + Vercel Top 6 Wiz Code Alternatives Aikido recognized as Platform Leader in Latio Tech's 2026 Application Security Report From detection to prevention: How Zen stops IDOR vulnerabilities at runtime npm backdoor lets hackers hijack gambling outcomes Introducing Upgrade Impact Analysis: When breaking changes actually matter to your code Why Trying to Secure OpenClaw is Ridiculous Claude Opus 4.6 found 500 vulnerabilities. What does this change for software security? Introducing Aikido Expansion Packs: Safer defaults inside the IDE International AI Safety Report 2026: What It Means for Autonomous AI Systems Self-Securing Software: What It Is, Why It Matters, and How It Works npx Confusion: Packages That Forgot to Claim Their Own Name What Is Continuous Pentesting? Introducing Aikido Package Health: a Better Way to Trust Your Dependencies AI Pentesting: Minimum Safety Requirements for Security Testing Secure SDLC for Engineering Teams (+ Checklist) Fake Clawdbot VS Code Extension Installs ScreenConnect RAT G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT Top 10 AI Security Tools For 2026 Agent Skills Are Spreading Hallucinated npx Commands Understanding Open-Source License Risk in Modern Software The CISO Vibe Coding Checklist for Security Top 6 Graphite alternatives for AI code review in 2026 From “No Bullsh*t Security” to $1B: We Just Raised Our $60m Series B Critical n8n Vulnerability Allows Unauthenticated Remote Code Execution (CVE-2026-21858) Top 14 VS Code Extensions for 2026 AI-Driven Pentesting of Coolify: Seven CVEs Identified Top Continuous Pentesting Tools in 2026 SAST vs SCA: Securing the Code You Write and the Code You Depend On JavaScript, MSBuild, and the Blockchain: Anatomy of the NeoShadow npm Supply-Chain Attack How Engineering and Security Teams Can Meet DORA’s Technical Requirements IDOR Vulnerabilities Explained: Why They Persist in Modern Applications Shai Hulud strikes again - The golden path MongoBleed: MongoDB Zlib Vulnerability (CVE-2025-14847) and How to Fix It First Sophisticated Malware Discovered on Maven Central via Typosquatting Attack on Jackson The Fork Awakens: Why GitHub’s Invisible Networks Break Package Security Top 10 Cyber Security Tools For 2026 SAST in the IDE is now free: Moving SAST to where development actually happens AI Pentesting in Action: A TL;DV Recap of Our Live Demo The Top 7 Threat Intelligence Tools in 2026 React & Next.js DoS Vulnerability (CVE-2025-55184): What You Need to Fix After React2Shell OWASP Top 10 for Agentic Applications (2026): What Developers and Security Teams Need to Know DAST vs Pentesting v AI Pentesting: Why DAST Cannot Replace Modern Pentesting PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actions Using AI Agents Top 7 Cloud Security Vulnerabilities Critical React & Next.js RCE Vulnerability (CVE-2025-55182): What You Need to Fix Now How to Comply With the UK Cybersecurity & Resilience Bill: A Practical Guide for Modern Engineering Teams Shai Hulud 2.0: What the Unknown Wonderer Tells Us About the Attackers’ Endgame SCA Everywhere: Scan and Fix Open-Source Dependencies in Your IDE Safe Chain now enforces a minimum package age before install Shai Hulud Attacks Persist Through GitHub Actions Vulnerabilities Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised CORS Security: Beyond Basic Configuration Revolut Selects Aikido Security to Power Developer-First Software Security The Future of Pentesting Is Autonomous How Aikido and Deloitte are bringing developer-first security to enterprise Secrets Detection: A Practical Guide to Finding and Preventing Leaked Credentials Invisible Unicode Malware Strikes OpenVSX, Again AI as a Power Tool: How Windsurf and Devin Are Changing Secure Coding Building Fast, Staying Secure: Supabase’s Approach to Secure-by-Default Development OWASP Top 10 2025: Official List, Changes, and What Developers Need to Know Top 10 JavaScript Security Vulnerabilities in Modern Web Apps The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties Top 7 Black Duck Alternatives in 2026 What Is IaC Security Scanning? Terraform, Kubernetes & Cloud Misconfigurations Explained AutoTriage and the Swiss Cheese Model of Security Noise Reduction Top Software Supply Chain Security Vulnerabilities Explained The Top 7 Kubernetes Security Tools Top 10 Web Application Security Vulnerabilities Every Team Should Know What Is CSPM (and CNAPP)? Cloud Security Posture Management Explained
Packagist is now protected by Aikido Intel and other updates to the PHP registry
Dania Durnas · 2026-06-26 · via Aikido Security's Blog

Running an open source registry means fighting fires. Another maintainer’s account gets popped, another malicious package. The takedown is always one upload behind. The job never ends, and most registries, run by small teams with little cash, are often too stretched to do much beyond keep up with it. But lately, we’ve been seeing more positive changes in the open-source world, with ecosystems making the structural changes that stop a kind of attack from working at all.

The small team that maintains Packagist.org and Composer, the registry and package manager behind the PHP world, has been doing deliberate, preventative security work and making meaningful improvements. Aikido is a big supporter of the effort. Aikido’s Intel feed powers malware blocking in Composer for downloads. It’s enabled by default for Composer 2.10 and higher for everyone. This sits alongside a stack of other changes Packagist made and is making, each one working to end entire categories of attacks instead of chasing single packages. 

We’re starting to see this trend of improvements across package registries, and we’re excited to be able to support these initiatives. PHP developers can rest easier now, knowing there are more guardrails in place to prevent them from accidentally installing malware. 

Malware blocking in Composer

The easiest win is to prevent users from installing a package version that is already known to be malicious. Thanks to Aikido Intel, Composer now knows which versions have been flagged and won’t install them. 

When Aikido flags a malicious package version, that flag lives inside the package metadata Composer downloads. Composer 2.10's dependency policy framework pulls the flagged version out of the resolution pool, so `composer update`, `composer require`, and `composer create-project` won't select it. The most important check is the one on `composer install`, because a version flagged after your lockfile was written fails on the next install. If, for some reason, a user still wants to download a blocked package, they can manually override it.

This integration works because it's:

  • Open: The feed Aikido provides to Packagist is CC-BY licensed, so the protection isn't tied to a six-figure contract, and the door stays open for other data providers to plug in. Security that only the well-funded can afford doesn't protect us.
  • On by default: A protection that needs people to opt in protects almost nobody (because it's hard to get people to opt in). Defaults are where ecosystem security lives, and the 2.10 default requires nothing from users for them to benefit.
  • Fast enough: Malicious versions usually get taken down within a few hours, so a feed that flags them in minutes protects users in the window between detection and removal. Because the block only works when something is detected, slow detection wouldn't help much.
  • Automated: Because the malicious package gets blocked as soon as Aikido detects it, there’s no extra delay in waiting for someone to manually blacklist or remove the package, so users are protected faster.

Wiring Aikido’s detection into every install was just one of the improvements Packagist has shipped recently.

Closing doors instead of patching holes

Next, re-tagging. Publishing to Packagist has always meant pushing a git tag, and the registry pulls whatever that tag points at. That system allowed attackers who hijacked a trusted account to re-tag a published version and point it at malicious code, so that version number now carries some payload (which we saw in the recent attack on Laravel-Lang). Packagist's answer, stable version immutability, means a published stable version can no longer be rewritten. That ends the re-tagging attacks as whole. GitHub has the equivalent, but they made it opt-in. Packagist made it mandatory.

Finally, trying to get people to update software is like pulling teeth. A default block only helps the people running a current Composer, and many people aren’t. A CI image or an AI agent often runs a version from years ago, so Private Packagist can require a current Composer to connect. It also refuses to serve a flagged version's files to any client at all, old or new.

Packagist.org isn’t done yet, and they have a few security improvements coming. They’re planning a minimum release age, which would blunt attacks that rely on a short window before detection catches up (in the meantime, you can get similar protection with Aikido Safe Chain, also free). They’re also creating organizational ownership, which will allow for mandatory MFA, as well as staged releases, which npm recently shipped.

Moving toward safer package registries

This is not only a PHP story. As we mentioned, npm is moving the same way with staged publishing, but also turning off automatic install scripts. PyPI made 2FA mandatory and built a quarantine system, and crates.io and RubyGems adopted trusted publishing through a shared OpenSSF design. Ecosystems are moving in the right direction. We want to see a lot more of it, faster, and we keep supporting where we can. 

Are you a PHP developer? Composer clients older than 2.10 don’t have this feature, so make sure you update today if you haven’t. Not using PHP? Aikido Safe Chain is an open-source tool that also prevents you from installing new or malicious packages before they get installed on your device.

Regardless of the ecosystems you depend on, you can check out what Aikido Intel is flagging across the interwebs. The feed is public and free at intel.aikido.dev.