Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Three VMware zero-days exploited in the wild in March 2025 let attackers escape virtual machine sandboxes. Broadcom patched, but the damage window was wide open.
Five vulnerabilities in Paragon Partition Manager's kernel driver were exploited in BYOVD attacks, allowing attackers to gain SYSTEM privileges on Windows systems. Microsoft added the driver to its blocklist.
A practitioner's methodology for using LLMs to augment — not replace — traditional bug discovery workflows, with patterns that hold up under real review load.
Software supply chain attacks have surged 742% since 2019. This guide cuts through the noise to explain what executives need to know, what questions to ask, and where to invest.
A practical hardening playbook for GitLab 17.8 covering runner isolation, OIDC federation, CI variable scoping, and protected branch enforcement.
A critical authentication bypass in Juniper's Session Smart Router lets remote attackers hijack admin sessions. Here's what happened, why it matters, and what to do.
Anthropic's Model Context Protocol standardizes how AI models interact with external tools. The security implications for software supply chains are significant.
Qilin has rapidly become one of the most active ransomware operations, targeting healthcare, manufacturing, and critical infrastructure. A technical breakdown of their methods.
Microsoft patched an actively exploited privilege escalation vulnerability in Power Pages, its low-code web platform. The flaw allowed unauthorized users to gain elevated access within affected sites.
Weekly insights on software supply chain security, delivered to your inbox.