Supply Chain Attacks
In-depth guides and analysis on supply chain attacks from the Safeguard engineering team.
92 articles
Cargo supply chain attacks: typosquatting and malicious c...
Crates.io typosquatting tricks Rust developers into pulling malicious crates instead of trusted ones. Here's how these attacks work — and how to spot them before you build.
PyPI mexalz Malware Campaign Deep Dive
Researchers tracked a PyPI campaign publishing malicious packages under the mexalz and related account names, targeting Python developers with infostealers.
Gradle build script injection and plugin supply chain att...
How attackers hijack Gradle plugins, typosquat the Plugin Portal, and inject code into build.gradle files to run with full CI trust — and how to stop it.
The npm 'everything' Package Attack (2024) Analyzed
In January 2024 a developer published npm packages that depended on every public npm package, triggering a denial-of-service style incident across the registry.
SolarWinds Sunburst: Five Years of Lessons in 2026
Half a decade after Sunburst, the build system compromise still defines how we think about software supply chain risk. A look at what stuck and what did not.
The PHP Source Code Git Server Backdoor Compromise of 2021
In 2021, attackers breached PHP's git server and pushed a backdoor under forged commits from top maintainers. Here's how the PHP git server compromise unfolded.
The Six-Month PEAR go-pear.phar Installer Compromise
How a single tampered PEAR go-pear.phar installer sat undetected on pear.php.net for months, what it could do, and what the PHP ecosystem learned about supply chain trust.
Software Supply Chain Security in 2023: Year in Review
From the MOVEit mass exploitation to AI model risks, 2023 proved that supply chain attacks are accelerating in both sophistication and scale. Here's what we learned.
SLSA v1.0: Software Provenance Attestation Goes Mainstream
The SLSA framework reached v1.0 in April 2023, providing a practical framework for software supply chain integrity that's already being adopted by major package registries.
Massive PyPI Malware Campaign Targets Developers with Credential Stealers
A sustained campaign flooded PyPI with hundreds of malicious packages using typosquatting and dependency confusion to steal credentials and cryptocurrency from developers.
JumpCloud Supply Chain Attack: North Korea's Lazarus Group Strikes Again
How North Korean threat actors compromised JumpCloud's infrastructure to target cryptocurrency firms through a sophisticated supply chain attack in July 2023.
MSI Breach: Intel Boot Guard Keys Leaked After Ransomware Attack
The Money Message ransomware gang breached MSI and leaked Intel Boot Guard private keys, undermining firmware security for millions of devices.