Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
BGP hijacking lets attackers reroute internet traffic at the network level, silently intercepting software downloads and updates. This is one of the most powerful yet overlooked supply chain attack vectors.
Panasonic disclosed a data breach in November 2021, revealing that attackers had maintained access to its network for over four months before detection — highlighting the persistent challenge of dwell time.
APT actors exploited CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus to breach critical infrastructure. An unauthenticated RCE in the software that manages your IT.
SCA tools have exploded in number and capability. Here's how to evaluate them without getting lost in vendor marketing.
XcodeGhost compromised Apple's developer toolchain by distributing a modified Xcode IDE. Years later, the attack remains a textbook example of build-tool supply chain compromise.
A social engineering attack on a Robinhood customer support employee exposed personal data of approximately 7 million users, revealing the persistent vulnerability of human-facing systems.
The NTIA published its minimum elements for SBOMs in July 2021. Here's a practical breakdown of what's required, what's optional, and where most organizations fall short.
CVSS scores alone lead to alert fatigue and misallocated resources. Here's how EPSS, reachability analysis, and exploit intelligence create a smarter prioritization model.
Cream Finance suffered its third exploit in 2021, losing $130 million through a sophisticated flash loan attack that exposed fundamental vulnerabilities in DeFi lending protocols.
Weekly insights on software supply chain security, delivered to your inbox.