Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
VS Code extensions run with the same privileges as your editor — which means full access to your source code, terminal, and credentials. The marketplace security model does not prevent malicious extensions.
PostgreSQL extensions, MySQL plugins, and database add-ons run with database-level privileges. A compromised extension has direct access to your data. Most organizations never audit them.
Compression libraries are everywhere and trusted implicitly. The xz backdoor proved that trust can be weaponized. Here is the full picture.
Package archives can contain path traversal sequences that write files outside the expected directory. Most developers never check for this.
Running pip install can execute arbitrary code on your machine before you ever import the package. Here is how install hooks create risk.
BlackCat (ALPHV) brought Rust programming, triple extortion, and supply chain targeting to the ransomware-as-a-service model, raising the bar for both attackers and defenders.
Software supply chain credentials, stolen signing keys, and zero-day exploits for build tools are traded on dark web forums. Monitoring these channels provides early warning of supply chain attacks.
Lockfile injection is a subtle supply chain attack where malicious changes to package-lock.json redirect dependency resolution to attacker-controlled packages. Here is how it works and how to detect it.
WebAssembly promises near-native performance with a strong security sandbox. But the sandbox model has nuances that developers and security teams must understand to avoid dangerous assumptions.
Weekly insights on software supply chain security, delivered to your inbox.