Safeguard
Topic

Incident Analysis

In-depth guides and analysis on incident analysis from the Safeguard engineering team.

137 articles

Incident Analysis

Ascension Health Black Basta Ransomware: 5.6M Patients Impacted

Black Basta encrypted Ascension's network on May 8, 2024 via a malicious file downloaded by an employee, diverting ambulances across 140 hospitals and ultimately notifying 5.6 million patients.

Jan 22, 20256 min read
Incident Analysis

Salt Typhoon Telco Intrusion: What We Know

Salt Typhoon breached at least nine U.S. carriers, exposing lawful intercept systems. We unpack the attack chain and what telcos must fix in 2025.

Jan 14, 20254 min read
Incident Analysis

Zoom Incidents: Software Supply Chain Dimensions

Zoom's security history from 2020 onward reshaped how the industry thinks about conferencing software supply chains, from installers to third-party components.

Dec 28, 20247 min read
Incident Analysis

Blue Yonder Termite Ransomware: SaaS Supply-Chain Outage in Retail

In November 2024 the Termite ransomware group hit Blue Yonder, taking workforce-management and logistics SaaS offline for Starbucks, Sainsbury's, and Morrisons. We unpack the SaaS supply-chain blast radius.

Dec 19, 20247 min read
Incident Analysis

Schneider Electric Hellcat: Jira, Infostealers, and Baguette Ransoms

In November 2024 the Hellcat ransomware group breached Schneider Electric's Atlassian Jira via Lumma infostealer credentials. We unpack the SaaS supply-chain anatomy and the project-tracker as data target.

Dec 15, 20247 min read
Incident Analysis

Port of Seattle Rhysida: Airport Ransomware and the Public-Sector Tail

On August 24, 2024, Rhysida ransomware took down Port of Seattle systems including Sea-Tac airport check-in, baggage, and the Port website. The Port refused a $6 million ransom. We unpack the case.

Dec 5, 20247 min read
Incident Analysis

Mailchimp 2022-2023 Incidents: A Timeline

Mailchimp disclosed three social-engineering-driven intrusions in thirteen months; the timeline illustrates how repeated incidents shape vendor trust.

Nov 25, 20247 min read
Incident Analysis

Slack 2022-2023 Incidents: Operational Retrospective

Slack disclosed a stolen-token incident over the 2022 holidays and a related GitHub repository access event; the operational lessons apply broadly.

Oct 20, 20247 min read
Incident Analysis

LastPass 2022-2023: A Retrospective at Depth

A detailed walk through the two LastPass breaches of 2022 and their long 2023 tail, reconstructing how a developer laptop became a vault disclosure.

Sep 15, 20247 min read
Incident Analysis

The GitHub Dependabot Token Incident: Retrospective

In 2023, attackers used stolen GitHub personal access tokens to push malicious commits masquerading as Dependabot; a short-sharp incident with lasting lessons.

Aug 15, 20247 min read
Incident Analysis

CrowdStrike Falcon Global Outage: A Post-Mortem Deep Dive

A technical reconstruction of the July 19 CrowdStrike Falcon sensor crash that grounded 8.5M Windows hosts, and what supply chain owners should change.

Jul 25, 20245 min read
Incident Analysis

CrowdStrike Falcon Update Triggers Global IT Outage: What Happened

On July 19, 2024, a faulty CrowdStrike Falcon sensor update caused 8.5 million Windows machines to blue-screen worldwide, grounding flights, halting hospitals, and exposing the fragility of centralized security infrastructure.

Jul 19, 20246 min read
Incident Analysis (Page 7) — Supply Chain Security Blog | Safeguard