Emerging Technology
In-depth guides and analysis on emerging technology from the Safeguard engineering team.
17 articles
Symbol Conflict and Binary Planting Attacks 2025
Symbol conflicts and binary planting are the oldest native-code attacks, and they are showing up in modern software supply chains in unexpected places.
Software Supply Chain Side-Channel Attacks 2025
Side-channel attacks are moving from hardware into software supply chains, where build-time timing, error messages, and telemetry leak meaningful secrets.
Reflection-Based Dependency Confusion Techniques
Dependency confusion is moving beyond name-typosquat. Reflection-based techniques let attackers hijack packages through dynamic imports and runtime resolution.
npm Garbage Collection Abuse: Attack Research
npm's unpublish and tarball retention rules create a narrow but real window for attackers to reclaim deleted names and swap tarball contents. Here is the 2025 research.
DNS Cache Poisoning for Software Updates: 2025
DNS cache poisoning is a known attack class with a new application: hijacking software update checks to ship malicious binaries that pass every signature check.
GitHub Actions Cache Poisoning Attack Class 2025
GitHub Actions caches were never designed as a trust boundary. In 2025 researchers turned that mismatch into a repeatable supply-chain attack pattern.
Confused Deputy Attacks on CI/CD Service Accounts
Build systems hold broad trust and tight deadlines, which makes them perfect confused deputies. Here is how the attack pattern shows up in modern CI/CD and how to defang it.
GitLab OIDC Token Theft: Workflow Research
GitLab CI OIDC tokens are becoming the keys to cloud kingdoms. Recent research shows how workflow misconfigurations leak them in surprising ways.
Leaky Vessels: The runc Container Escape Class (2024)
Leaky Vessels bundled four CVEs that let container processes escape into the host. Two years later the class is still mispatched and misunderstood.
Post-Quantum Cryptography Transition: A Practical Guide for Engineering Teams
NIST has finalized its post-quantum standards. Here's a hands-on guide for engineering teams beginning the migration from classical to quantum-resistant cryptography.
Confidential Computing: A New Trust Model for Software Supply Chains
Confidential computing protects data in use through hardware-based enclaves. It could fundamentally change how we think about supply chain trust.
Edge Computing and the Distributed Supply Chain Security Challenge
As compute moves to the edge, software supply chain security must adapt to environments with limited visibility, constrained resources, and vast attack surfaces.