Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A ransomware attack on Ultimate Kronos Group disrupted payroll and workforce management for millions of workers at hospitals, governments, and major employers right before the holiday season.
The most critical vulnerability in a decade dropped on a Friday. Log4Shell affects virtually every Java application and is trivial to exploit. Here's what happened.
CVE-2021-43798 allowed unauthenticated directory traversal in Grafana, exposing configuration files and credentials. Exploitation was trivial and widespread.
gRPC powers high-performance microservice communication, but its binary protocol and code generation model introduce unique security challenges most teams overlook.
Relying too heavily on a single vendor creates systemic risk that most organizations dramatically underestimate. Here is how to measure and manage it.
2021 saw a record number of zero-day exploits targeting open-source software. From Log4Shell to ProxyShell, here's what happened and what it means for defenders.
BGP hijacking lets attackers reroute internet traffic at the network level, silently intercepting software downloads and updates. This is one of the most powerful yet overlooked supply chain attack vectors.
Panasonic disclosed a data breach in November 2021, revealing that attackers had maintained access to its network for over four months before detection — highlighting the persistent challenge of dwell time.
APT actors exploited CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus to breach critical infrastructure. An unauthenticated RCE in the software that manages your IT.
Weekly insights on software supply chain security, delivered to your inbox.