Threat Research
In-depth guides and analysis on threat research from the Safeguard engineering team.
16 articles
What Is Protestware? When Maintainers Weaponize Their Own Packages
Protestware is open-source code a maintainer deliberately alters to make a political or personal statement, sometimes sabotaging users. Here is how it works and how to defend.
Lessons from SolarWinds: When the Build Pipeline Becomes the Attack Surface
The SUNBURST backdoor reached roughly 18,000 organizations through a trojanized SolarWinds Orion update. Here is what actually happened, and the defenses that hold up years later.
What Is a Malicious Package? Supply-Chain Malware in Open Source
A malicious package is an open-source component built or altered to run attacker code on install or at runtime. Here is how they work, real npm and PyPI cases, and how to defend.
What Is a Software Supply Chain Attack? Explained
A software supply chain attack compromises the code, tools, or pipeline your software depends on — not the product itself. Here is how it works and how to defend.