Supply Chain Attacks
In-depth guides and analysis on supply chain attacks from the Safeguard engineering team.
92 articles
Microsoft's durabletask PyPI Package Compromised (19 May 2026): A Linux Wiper and Multi-Cloud Credential Theft
On 19 May 2026, three malicious versions of Microsoft's durabletask PyPI package were uploaded in a 35-minute window. The payload steals AWS, Azure, GCP, and Kubernetes credentials in under four seconds and ships a locale-gated rm -rf wiper.
node-ipc Compromised Again (14 May 2026): An 80 KB Credential Stealer in a 10M-Download Library
On 14 May 2026, three malicious node-ipc versions (9.1.6, 9.2.3, 12.0.1) shipped an 80 KB credential-stealing IIFE appended after module.exports in the CJS bundle — no install scripts, harvesting 90+ secret categories from a library with 10M+ weekly downloads.
RubyGems Suspends New Signups After a 500-Package Malicious Flood (May 2026)
On 12-13 May 2026, RubyGems was hit by a coordinated spam-publishing flood that pushed 500+ malicious packages from newly-registered bot accounts. The registry paused new signups and re-enabled them on 16 May after tightening rate limiting with Fastly.
RabbitMQ management plugin CVEs: brokers deserve database-grade SBOM scrutiny
Authentication and plugin-loading risks in RabbitMQ's management plugin show why message brokers, which hold credentials and pass payloads, should be inventoried with the same rigor as databases.
Netlify Build Plugins as arbitrary code execution at build time in 2026
The @netlify/plugin-* ecosystem runs in your build with full filesystem and network access. Here is how to evaluate, allowlist, and gate it in 2026.
Squid proxy memory corruption CVEs: a supply chain perspective
Squid's recurring memory-corruption CVEs in 2024 and 2025 are a reminder that transparent egress proxies sit on a critical path and rarely get the SBOM scrutiny their position deserves.
TanStack and the Mini Shai-Hulud npm Worm (May 2026): Anatomy of a CI-Native Supply Chain Attack
On 11-12 May 2026, the TeamPCP-linked Mini Shai-Hulud worm published 84 malicious artifacts across 42 TanStack npm packages in six minutes, then spread to 160+ packages by abusing GitHub Actions OIDC tokens and CI cache poisoning.
VS Code marketplace incident postmortem: what 2023-2024 actually taught us
Between 2023 and 2024 the VS Code Marketplace saw a string of typosquat, hijack, and impersonation incidents that shaped Microsoft's eventual hardening response. This is a composite postmortem of what happened, what changed, and what is still broken in 2026.
UEFI Secure Boot after BlackLotus and PKfail: what the trust chain still assumes
Secure Boot was designed to keep untrusted code from running before the operating system, but its trust anchors live in firmware that OEMs control and sometimes leak. BlackLotus and PKfail exposed the gap between the spec and the deployment.
Firefox add-on supply chain: how Mozilla's posture differs from Chrome's
Mozilla Add-ons applies mandatory signing, a stricter review path for extensions that touch broad permissions, and a separately maintained recommended-extensions program. Here is what that buys defenders in 2026 and where the gaps still are.
Chrome extension marketplace hijack: the acquired-and-weaponized pattern
Legitimate Chrome extensions keep getting acquired and turned malicious, and content_scripts give the new owner code execution inside every user's browser session. Here is why the pattern keeps working in 2026 and what defenders can do about it.
BMC firmware and the supply chain you forgot you had
Baseboard management controllers run their own operating system below your hypervisor, ship as binary blobs from vendors like AMI and Insyde, and almost never appear in an SBOM. The MegaRAC incidents made that gap impossible to ignore.