Safeguard.sh
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (1954)AI Security (294)DevSecOps (153)Open Source Security (132)Best Practices (126)Vulnerability Analysis (98)Incident Analysis (83)Industry Analysis (80)Application Security (73)Compliance (68)Container Security (64)Software Supply Chain Security (51)Vulnerability Management (47)Regulatory Compliance (42)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)Cloud Security (35)SBOM (34)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)SBOM & Compliance (19)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Frameworks (1)Product Update (1)Standards (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Regulatory Compliance

Canadian Cyber Centre Supply Chain Guidance

The CCCS's 2024-2025 supply chain guidance and Bill C-26 reshape Canada's expectations for SBOMs, vendor assurance, and protection of critical cyber systems.

Feb 18, 20255 min read
Open Source Security

Python Cython Extensions and the Supply Chain

Cython-built Python extensions ship as platform-specific binaries with a build toolchain behind them. That introduces supply chain surface most teams have not mapped.

Feb 14, 20257 min read
Vulnerability Analysis

Palo Alto PAN-OS Authentication Bypass: CVE-2025-0108

A path traversal flaw in Palo Alto Networks PAN-OS management web interface allowed unauthenticated access to sensitive REST API endpoints. Exploitation began within days of disclosure.

Feb 12, 20255 min read
Threat Intelligence

AI Deepfake Phishing Campaigns in 2025: When Seeing and Hearing Isn't Believing

AI-generated voice and video deepfakes powered a new wave of phishing campaigns in early 2025. The technology is cheap, the results are convincing, and defenses are lagging.

Feb 10, 20257 min read
Industry Analysis

AI Code Assistants and Security: The Hidden Risks in 2025

AI coding assistants are generating millions of lines of production code. But they also introduce dependency hallucinations, insecure patterns, and supply chain risks that security teams need to address.

Feb 8, 20256 min read
Industry Analysis

2025 Bug Bounty Program Reforms: What Changed

From Microsoft's AI bounty expansion to the EU CRA's good-faith researcher protections, bug bounty rules of engagement shifted meaningfully in early 2025.

Feb 4, 20255 min read
Vulnerability Analysis

Zyxel Router Command Injection: CVE-2024-40891 Exploited in the Wild

Threat actors began mass-exploiting a Telnet-based command injection flaw in Zyxel CPE routers, with over 1,500 devices compromised in botnet campaigns. Zyxel initially refused to patch.

Feb 4, 20255 min read
Vulnerability Management

How to Run Grype in Offline/Airgap Environments

A hands-on tutorial for running Grype vulnerability scans in offline and airgapped environments, including vulnerability database hosting and CI integration.

Jan 28, 20255 min read
Vulnerability Analysis

SonicWall SMA 1000 Zero-Day: CVE-2025-23006 Pre-Auth RCE

SonicWall disclosed CVE-2025-23006, a critical deserialization vulnerability in its SMA 1000 series gateways that was actively exploited as a zero-day before patches were available.

Jan 22, 20255 min read
Page 78 of 218

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard.sh — Software Supply Chain Security Insights