Safeguard
Topic

Incident Analysis

In-depth guides and analysis on incident analysis from the Safeguard engineering team.

137 articles

Incident Analysis

Okta LAPSUS$ Breach: When Your Identity Provider Gets Compromised

LAPSUS$ breached an Okta support contractor, gaining access to customer tenants. The incident raised critical questions about identity provider supply chain risk.

Mar 22, 20226 min read
Incident Analysis

Samsung LAPSUS$ Breach: 190GB of Source Code and the Cost of Insider Access

The LAPSUS$ group stole 190GB of Samsung source code including biometric authentication algorithms and bootloader code. The breach exposed critical device security internals.

Mar 7, 20226 min read
Incident Analysis

NVIDIA LAPSUS$ Breach: Stolen Code Signing Certificates Used to Sign Malware

When LAPSUS$ breached NVIDIA, they stole code signing certificates that were immediately weaponized to sign malware. The incident demonstrated how trust mechanisms become attack vectors.

Mar 1, 20227 min read
Incident Analysis

Twitch Source Code Leak: What 125GB of Exposed Data Tells Us About Internal Security

In October 2021, an anonymous hacker dumped Twitch's entire source code, internal tools, and creator payout data. The breach exposed systemic failures in access control and secret management.

Oct 8, 20215 min read
Incident Analysis

Travis CI Token Leak Retrospective

Travis CI exposed secrets from public repo forks for weeks in 2021. Here is the exact defect, who was affected, and the permanent takeaways.

Sep 20, 20216 min read
Incident Analysis

Kaseya VSA Ransomware: A Supply Chain Analysis

REvil chained three zero-days in Kaseya VSA to push ransomware through 1,500 MSP customers on July 2, 2021. Here is the technical anatomy.

Jul 8, 20216 min read
Incident Analysis

Codecov Bash Uploader Compromise: A Retrospective

A single altered line in Codecov's Bash Uploader leaked CI secrets for 69 days across thousands of repos. Here is what actually happened and why.

Apr 15, 20216 min read
Incident Analysis

SunBurst: A Supply Chain Attack Evolution Study

The SolarWinds SunBurst campaign rewrote the supply chain threat model. Five years of research reveal what changed and what defenders still miss.

Dec 18, 20206 min read
Incident Analysis

Shellshock, Five Years On: The Lessons That Stuck

Five years after CVE-2014-6271, Shellshock remains the clearest case study in how one interpreter bug becomes thousands of downstream holes.

Sep 24, 20196 min read
Incident Analysis

Heartbleed at Five Years: A Practitioner Retrospective

Five years after CVE-2014-0160, Heartbleed still shapes how we think about shared cryptographic libraries, disclosure ethics, and open-source funding.

Apr 7, 20196 min read
Incident Analysis

ASUS Live Update and ShadowHammer: The Backdoor

Operation ShadowHammer pushed a signed backdoor to roughly half a million ASUS laptops, targeting a list of 600 specific MAC addresses.

Mar 28, 20197 min read
Incident Analysis

XcodeGhost: When the Compiler Was the Attacker

XcodeGhost in 2015 infected at least 128 million iOS users through a malicious Xcode download. It is still the cleanest compiler-trust case.

Feb 18, 20197 min read
Incident Analysis (Page 11) — Supply Chain Security Blog | Safeguard