Safeguard
Topic

Emerging Technology

In-depth guides and analysis on emerging technology from the Safeguard engineering team.

17 articles

Emerging Technology

Symbol Conflict and Binary Planting Attacks 2025

Symbol conflicts and binary planting are the oldest native-code attacks, and they are showing up in modern software supply chains in unexpected places.

Apr 1, 20268 min read
Emerging Technology

Software Supply Chain Side-Channel Attacks 2025

Side-channel attacks are moving from hardware into software supply chains, where build-time timing, error messages, and telemetry leak meaningful secrets.

Mar 29, 20268 min read
Emerging Technology

Reflection-Based Dependency Confusion Techniques

Dependency confusion is moving beyond name-typosquat. Reflection-based techniques let attackers hijack packages through dynamic imports and runtime resolution.

Mar 26, 20268 min read
Emerging Technology

npm Garbage Collection Abuse: Attack Research

npm's unpublish and tarball retention rules create a narrow but real window for attackers to reclaim deleted names and swap tarball contents. Here is the 2025 research.

Mar 23, 20268 min read
Emerging Technology

DNS Cache Poisoning for Software Updates: 2025

DNS cache poisoning is a known attack class with a new application: hijacking software update checks to ship malicious binaries that pass every signature check.

Mar 20, 20268 min read
Emerging Technology

GitHub Actions Cache Poisoning Attack Class 2025

GitHub Actions caches were never designed as a trust boundary. In 2025 researchers turned that mismatch into a repeatable supply-chain attack pattern.

Mar 17, 20268 min read
Emerging Technology

Confused Deputy Attacks on CI/CD Service Accounts

Build systems hold broad trust and tight deadlines, which makes them perfect confused deputies. Here is how the attack pattern shows up in modern CI/CD and how to defang it.

Mar 15, 20268 min read
Emerging Technology

GitLab OIDC Token Theft: Workflow Research

GitLab CI OIDC tokens are becoming the keys to cloud kingdoms. Recent research shows how workflow misconfigurations leak them in surprising ways.

Feb 8, 20268 min read
Emerging Technology

Leaky Vessels: The runc Container Escape Class (2024)

Leaky Vessels bundled four CVEs that let container processes escape into the host. Two years later the class is still mispatched and misunderstood.

Feb 4, 20267 min read
Emerging Technology

Post-Quantum Cryptography Transition: A Practical Guide for Engineering Teams

NIST has finalized its post-quantum standards. Here's a hands-on guide for engineering teams beginning the migration from classical to quantum-resistant cryptography.

Mar 22, 20245 min read
Emerging Technology

Confidential Computing: A New Trust Model for Software Supply Chains

Confidential computing protects data in use through hardware-based enclaves. It could fundamentally change how we think about supply chain trust.

Oct 22, 20235 min read
Emerging Technology

Edge Computing and the Distributed Supply Chain Security Challenge

As compute moves to the edge, software supply chain security must adapt to environments with limited visibility, constrained resources, and vast attack surfaces.

Sep 8, 20236 min read
Emerging Technology — Supply Chain Security Blog | Safeguard