Safeguard
Tag

account-takeover

Safeguard articles tagged "account-takeover" — guides, analysis, and best practices for software supply chain and application security.

17 articles

Supply Chain Attacks

Anatomy of an npm maintainer account takeover

A single phishing email hit eslint-config-prettier's ~30M weekly downloads in July 2025 — no code compromise needed, just a stolen npm login.

Jul 9, 20266 min read
Supply Chain Attacks

Anatomy of a PyPI Compromise: How durabletask Got Hijacked in 35 Minutes

Three malicious durabletask releases hit PyPI in a 35-minute window in May 2026 — a maintainer-token theft, not a code review failure.

Jul 8, 20266 min read
Threat Research

Lessons from the ua-parser-js Compromise: Four Hours, Eight Million Downloads a Week

A hijacked npm account turned a tiny User-Agent parser into a cryptominer and password stealer for a few hours in 2021. Here is what account takeover does at ecosystem scale.

Jul 7, 20266 min read
Vulnerability Analysis

GitLab Account Takeover via Password Reset (CVE-2023-7028) Explained

CVE-2023-7028 let attackers send GitLab password-reset links to an address they controlled — a zero-interaction account takeover scored 10.0. Here's the flaw and the fix.

Jul 5, 20265 min read
Threat Research

Maintainer Account Takeover Attacks: Hijacking Trust in Open Source

A maintainer account takeover lets an attacker publish malicious versions of a trusted package under a legitimate identity. Here is how it happens and how to defend.

Jul 3, 20266 min read
Vulnerability Analysis

What is Credential Stuffing

Credential stuffing uses billions of breached passwords to hijack accounts at scale. Learn how it works, real breaches it caused, and how to stop it.

Mar 26, 20266 min read
Supply Chain Attacks

OSS Maintainer Account Takeover Trends 2025

A senior engineer's breakdown of how maintainer account takeovers evolved in 2025, from phishing kits targeting PyPI to session token theft on GitHub and npm.

Mar 7, 20267 min read
Incident Analysis

UA-Parser-JS October 2021: A Deep Dive on the Attack

The ua-parser-js compromise of October 2021 paired credential theft with cryptominer and password stealer payloads. A close look at what happened and why.

Feb 17, 20265 min read
Software Supply Chain Security

Case study: crates.io maintainer account takeover and mal...

How a compromised maintainer credential becomes a crates.io account takeover and a malicious crate version in the Rust software supply chain.

Feb 4, 20269 min read
Open Source Security

Case study: RubyGems account takeover incidents and their...

A look at real RubyGems account takeover incidents, including the rest-client hijack, and what they reveal about Ruby supply chain risk.

Feb 2, 20268 min read
Open Source Security

CocoaPods Trunk Server Email Verification Bypass Enabling...

CVE-2024-38367 let attackers bypass email verification on the CocoaPods trunk server to take over pod owner accounts, threatening the iOS supply chain. Here's the impact and fix.

Nov 29, 20258 min read
Open Source Security

RubyGems.org domain takeover risk report

RubyGems.org hasn't adopted the domain-resurrection defenses PyPI rolled out in 2025 — leaving a proven account-takeover technique open across the Ruby ecosystem.

Nov 21, 20257 min read
account-takeover — Safeguard Blog