Accenture LockBit Ransomware Attack: When a Security Consultant Gets Hacked
LockBit ransomware operators breached Accenture, a major global consulting firm, claiming to have stolen 6TB of data and demanding a $50 million ransom.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
ProxyShell chained three Exchange vulnerabilities for unauthenticated remote code execution. Months after patches were available, thousands of servers remained exposed.
Attackers exploit human typos to distribute malware through package registries. Here's how typosquatting works, real examples, and how to protect your builds.
DNS hijacking can redirect software updates, package downloads, and API calls to attacker-controlled servers. Here's how this underrated attack vector threatens your entire software supply chain.
Open source powers the modern internet, but its security model is under strain. Here's the 2021 landscape of open source risk, from funding to maintainer burnout to malicious packages.
SBOMs are the foundation of software supply chain security. Without knowing what's in your software, you can't secure it. Here's why SBOMs matter and how to get started.
A threat actor scraped data from 700 million LinkedIn users — 93% of the platform's user base — and put it up for sale, reigniting the debate over API abuse and data privacy.
Attackers hijacked the ua-parser-js npm package account and published malicious versions containing cryptominers and password stealers. The package gets 8 million downloads per week.
REvil chained three zero-days in Kaseya VSA to push ransomware through 1,500 MSP customers on July 2, 2021. Here is the technical anatomy.