Safeguard
Topic

Supply Chain Attacks

In-depth guides and analysis on supply chain attacks from the Safeguard engineering team.

92 articles

Supply Chain Attacks

When the Vulnerability Is the Design: MCP STDIO Command Injection Across 150M Downloads (May 2026)

OX Security documented command injection through the MCP STDIO transport across Python, TypeScript, Java, and Rust SDKs. Anthropic calls the behavior by-design and won't patch upstream. That leaves the fix to thousands of downstream projects.

May 6, 202611 min read
Supply Chain Attacks

tj-actions Supply Chain Attack March 2025: A Postmortem

The tj-actions/changed-files compromise exposed CI secrets across thousands of public repositories. A postmortem on the attack chain and the GitHub Actions trust model.

Apr 28, 20265 min read
Supply Chain Attacks

Go Toolchain Supply Chain Risks: 2025 Research

2025 research on Go toolchain supply chain risks: module proxy abuse, replace directive attacks, cgo linker vectors, and the hardening patterns Go shops should adopt.

Apr 6, 20268 min read
Supply Chain Attacks

Composer/PHP Supply Chain Threats: 2025 Report

A senior engineer's 2025 report on Composer and Packagist supply chain threats: namespace abuse, abandoned maintainers, plugin hooks, and the attacks that actually landed on PHP shops.

Apr 2, 20268 min read
Supply Chain Attacks

Chrome Extension Cyberhaven Supply Chain Attack 2024

A technical retrospective on the 2024 Cyberhaven Chrome extension compromise: the phishing chain, the malicious OAuth flow, the exfiltration payload, and what actually changes browser-extension supply chain defense.

Mar 30, 20268 min read
Supply Chain Attacks

How to Detect Dependency Confusion Attacks Before They Ship

Dependency confusion still works in 2026 because teams keep missing the same three controls. Here's how to detect and block it in npm, pip, and Maven.

Mar 27, 20268 min read
Supply Chain Attacks

Ledger Connect Kit December 2023: A CDN Attack Retrospective

The Ledger Connect Kit compromise was a five-hour CDN attack that drained roughly $600k from connected wallets. A look at how it happened and what defenders learned.

Mar 12, 20265 min read
Supply Chain Attacks

VS Code Marketplace Malware Campaigns in 2025

A senior engineer's review of the 2025 VS Code Marketplace malware wave, including typosquats, trojanized themes, and extensions that stole npm tokens at scale.

Mar 11, 20267 min read
Supply Chain Attacks

OSS Maintainer Account Takeover Trends 2025

A senior engineer's breakdown of how maintainer account takeovers evolved in 2025, from phishing kits targeting PyPI to session token theft on GitHub and npm.

Mar 7, 20267 min read
Supply Chain Attacks

npm Protestware Patterns From 2020 to 2026

A senior engineer's view of six years of npm protestware, from colors.js to peacenotwar, and the supply chain lessons that still apply to modern JavaScript shops.

Mar 3, 20267 min read
Supply Chain Attacks

npm Slopsquat: The Hallucinated Package Risk in 2026

Slopsquatting is the practice of registering package names that LLMs hallucinate, turning AI coding assistants into an accidental distribution channel.

Feb 18, 20267 min read
Supply Chain Attacks

Maven Central Malicious Publishing Trends 2025

Maven Central has historically been the quietest major registry for malware, but 2025 saw a measurable uptick in malicious artifacts and namespace abuse.

Feb 10, 20266 min read
Supply Chain Attacks (Page 5) — Supply Chain Security Blog | Safeguard