Safeguard
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (2193)AI Security (338)DevSecOps (175)Best Practices (168)Open Source Security (142)Vulnerability Analysis (103)Industry Analysis (100)Incident Analysis (86)Regulatory Compliance (74)Container Security (74)Application Security (73)Compliance (72)Vulnerability Management (59)Software Supply Chain Security (51)Threat Intelligence (41)Cloud Security (39)Supply Chain Attacks (36)Product (35)SBOM (34)SBOM & Compliance (30)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Regulation (6)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Agent Security (4)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Standards (3)Tools (3)Build Security (3)Supply Chain (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Frameworks (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Policy (1)Product Update (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Data Breach

LinkedIn Data Scraping: 700 Million User Records Sold on the Dark Web

A threat actor scraped data from 700 million LinkedIn users — 93% of the platform's user base — and put it up for sale, reigniting the debate over API abuse and data privacy.

Jul 20, 20215 min read
Open Source Security

npm Package ua-parser-js Compromised: 8 Million Weekly Downloads Weaponized

Attackers hijacked the ua-parser-js npm package account and published malicious versions containing cryptominers and password stealers. The package gets 8 million downloads per week.

Jul 15, 20215 min read
Incident Analysis

Kaseya VSA Ransomware: A Supply Chain Analysis

REvil chained three zero-days in Kaseya VSA to push ransomware through 1,500 MSP customers on July 2, 2021. Here is the technical anatomy.

Jul 8, 20216 min read
Vulnerability Analysis

PrintNightmare CVE-2021-34527: The Windows Print Spooler Bug That Haunted Every Enterprise

PrintNightmare gave attackers SYSTEM-level access through the Windows Print Spooler service running on nearly every Windows machine. The patch rollout was a mess.

Jul 8, 20217 min read
Incident Response

Kaseya VSA Ransomware: Supply Chain Attack Hits 1,500 Businesses

REvil exploited Kaseya's VSA platform to push ransomware to managed service providers and their customers. Up to 1,500 businesses were hit in a single weekend.

Jul 5, 20215 min read
Data Breach

Facebook Data Leak: 533 Million Users Exposed Through a Contact Import Feature

Personal data from 533 million Facebook users across 106 countries was posted on a hacking forum, exposing phone numbers, emails, and personal details scraped through a contact import vulnerability.

Jul 2, 20215 min read
Application Security

MessagePack Security Implications: Binary Serialization Risks

MessagePack is faster than JSON but shares some of JSON's security pitfalls while adding new ones. Here is what to watch for.

Jun 25, 20215 min read
Risk Management

Disaster Recovery Planning for Software Supply Chain Incidents

When a supply chain attack hits, your DR plan needs to cover more than just infrastructure failover. Here is how to prepare for the worst.

Jun 22, 20217 min read
Zero-Day Exploits

Microsoft Exchange HAFNIUM Attack: Four Zero-Days That Compromised 30,000 Organizations

Chinese state-sponsored group HAFNIUM exploited four zero-day vulnerabilities in Microsoft Exchange Server, compromising an estimated 30,000 US organizations and hundreds of thousands globally.

Jun 20, 20215 min read
Page 241 of 244

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard — Software Supply Chain Security Insights