Safeguard
Topic

Supply Chain Attacks

In-depth guides and analysis on supply chain attacks from the Safeguard engineering team.

92 articles

Supply Chain Attacks

node-ipc Protestware: When a Maintainer Weaponized the Supply Chain

The node-ipc package was deliberately sabotaged by its maintainer to protest the Russia-Ukraine conflict, wiping files on systems with Russian or Belarusian IP addresses. A watershed moment for supply chain trust.

Jan 8, 20225 min read
Supply Chain Attacks

Software Supply Chain Attacks 2021: A Complete Timeline

2021 was the year software supply chain attacks went mainstream. From SolarWinds aftermath to Log4Shell, here's every major incident and what they tell us about the threat landscape.

Dec 28, 20216 min read
Supply Chain Attacks

Pegasus Spyware and NSO Group: The Supply Chain of Surveillance

The Pegasus Project revealed NSO Group's spyware targeting journalists, activists, and politicians through zero-click exploits. This is what a weaponized supply chain looks like.

Sep 5, 20217 min read
Supply Chain Attacks

Typosquatting Attacks on npm and PyPI Explained

Attackers exploit human typos to distribute malware through package registries. Here's how typosquatting works, real examples, and how to protect your builds.

Aug 10, 20215 min read
Supply Chain Attacks

Dependency Confusion Attacks Explained

Alex Birsan's research showed how internal package names can be exploited to inject malicious code into corporate build systems. Here's how the attack works and how to defend against it.

Jun 10, 20216 min read
Supply Chain Attacks

Accellion FTA Breach: How a Legacy File Transfer Tool Became a Supply Chain Nightmare

The Accellion FTA breach hit over 100 organizations through a 20-year-old file transfer appliance. Here's what went wrong and why legacy software is a ticking time bomb.

May 25, 20216 min read
Supply Chain Attacks

Codecov Bash Uploader Compromise: A Supply Chain Attack on CI/CD

Attackers modified Codecov's bash uploader script to steal environment variables from CI pipelines. Thousands of repositories were exposed for two months.

May 20, 20215 min read
Supply Chain Attacks

SolarWinds SUNBURST: Lessons for Supply Chain Security

The SolarWinds attack compromised 18,000 organizations through a single tampered update. Six months later, here's what the industry should have learned.

May 15, 20215 min read
Supply Chain Attacks (Page 8) — Supply Chain Security Blog | Safeguard