Safeguard
Topic

Threat Intelligence

In-depth guides and analysis on threat intelligence from the Safeguard engineering team.

64 articles

Threat Intelligence

What Is Post-Quantum Cryptography (for software supply ch...

Quantum computers will eventually break RSA and ECDSA. Here's what NIST's 2024 PQC standards, CNSA 2.0 deadlines, and "harvest now, decrypt later" mean for signed software supply chains.

Jun 2, 20267 min read
Threat Intelligence

ESET's May 2026 APT Report: Oil Shipments, Drone Makers, and a Poisoned npm Library

ESET's APT Activity Report (May 28, 2026) maps China-, North Korea-, Russia-, and Iran-aligned operations from October 2025 to March 2026 — including BlueNoroff's compromise of the axios npm package, a textbook supply-chain espionage event.

May 28, 202610 min read
Threat Intelligence

Screening Serpens (UNC1549): Iran-Nexus Espionage and the MiniUpdate RAT (May 2026)

Unit 42's May 22, 2026 report tracks the Iran-nexus group Screening Serpens deploying new MiniUpdate and MiniJunk V2 RATs against US, Israeli, and Gulf targets using job-themed lures and DLL sideloading.

May 23, 20268 min read
Threat Intelligence

SonicWall SonicOS Scanning Surge in May 2026: The CVE-2026-0400 Early-Warning Pattern

GreyNoise recorded ~597,000 SonicWall SonicOS scanning sessions on May 12, 2026, roughly 46x baseline. The pattern echoes the recon waves that preceded CVE-2026-0400's disclosure. Here is how to read the signal.

May 20, 202611 min read
Threat Intelligence

Nation-State Actors Operationalize AI: Inside GTIG's May 2026 Threat Tracker

Google's Threat Intelligence Group documented China, North Korea, Russia, and Iran moving AI from experiment to operations in May 2026 — AI-assisted vulnerability research, LLM-enabled malware, and obfuscated model-access infrastructure.

May 13, 202611 min read
Threat Intelligence

Malicious PyPI packages: common infiltration patterns

Real malicious PyPI package examples — typosquats, dependency confusion, hijacked maintainers, and crypto stealers — and how Safeguard catches them before install.

May 10, 20268 min read
Threat Intelligence

Malicious NuGet package campaigns targeting developers

Socket.dev has tracked malicious NuGet packages stealing wallets, banking credentials, and sabotaging industrial systems. See how Safeguard catches them first.

May 10, 20268 min read
Threat Intelligence

Typosquatting across package registries (npm, Go, PyPI)

Typosquatting has infected npm, PyPI, and now Go modules. We break down real attacks like crossenv and colourama, how Socket.dev detects them, and where the gaps remain.

May 9, 20267 min read
Threat Intelligence

Malicious browser and IDE extensions (Chrome, Firefox, VS...

How the Cyberhaven Chrome extension breach and the GlassWorm Open VSX worm exposed a supply chain blind spot that dependency scanners like Socket.dev don't cover.

May 9, 20266 min read
Threat Intelligence

Shadow-Earth-053: China-Aligned Espionage Across Asia and a NATO State (May 2026)

Trend Micro's May 1, 2026 disclosure of Shadow-Earth-053 documents a China-aligned campaign exploiting N-day Exchange and IIS flaws to plant Godzilla web shells and ShadowPad across government, defense, and civil-society targets in eight-plus countries.

May 2, 20269 min read
Threat Intelligence

Qilin Ransomware Supply Chain Tactics 2025

Qilin became a top ransomware operator in 2024-2025 by pairing edge-device exploitation with managed service provider compromise. Here is the supply chain breakdown.

Apr 11, 20268 min read
Threat Intelligence

Lazarus Financial Sector Campaigns 2024-2025

Lazarus Group's 2024-2025 financial sector campaigns combined exchange compromises, DeFi exploits, and developer social engineering. Here is what defenders must know.

Apr 4, 20268 min read
Threat Intelligence (Page 2) — Supply Chain Security Blog | Safeguard