Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
The left-pad npm Incident Explained
No CVE, no CVSS — just one unpublished package that broke the internet's build pipelines. Here's what left-pad still teaches security teams.
The clawdhub Malicious AI Agent Skills Campaign Explained
A coordinated supply-chain campaign poisoned 1,184+ ClawHub AI agent skills, stealing crypto wallets and SSH keys via CVE-2026-25253.
CUPS CVE-2024-47176: Network RCE via IPP
CVE-2024-47176 in cups-browsed lets attackers add rogue printers over UDP 631 and chain to RCE. Exploit flow, detection, and Linux distro impact.
PwnKit Five Years On: Why CVE-2021-4034 Still Lives in Production
PwnKit was a trivial local privilege escalation in polkit that affected nearly every Linux distribution for over a decade. The technical details and the residual risk in 2026.
SonicWall SMA 1000 CVE-2025-23006 Pre-Auth RCE
CVE-2025-23006 is a pre-auth deserialization RCE in SonicWall SMA 1000. Exploit chain, detection signals, and appliance hardening.
ScreenConnect CVE-2024-57727 Path Traversal Detailed
CVE-2024-57727 is a path traversal in ConnectWise ScreenConnect enabling arbitrary file read on self-hosted instances. Chain, detection, and patching.
What is Input Validation
Input validation stops malicious data at the door. See the CVEs — Equifax, Log4Shell, MOVEit — that prove why skipping it, or doing it wrong, is so costly.
What is Output Encoding
Output encoding neutralizes untrusted data before it reaches a browser or database -- the last line of defense against XSS, and most teams still get it wrong.
What is Input Sanitization
Input sanitization stops attacker-controlled data from executing as code. Learn how it works, how it differs from validation, and where it fails.
What Are Parameterized Queries
Parameterized queries stop SQL injection by binding user input as data instead of parsing it as SQL — here's how they work, and where they still fail.
Rails YAML deserialization RCE history and CVE-2013-0156 ...
A deep dive into CVE-2013-0156, the Rails YAML deserialization RCE that let attackers execute code via crafted requests, and how to remediate it.
What is a Man-in-the-Browser Attack
Man-in-the-browser malware rewrites transactions inside a victim's own browser, bypassing TLS and OTP 2FA -- here's how it works and how to stop it.