Safeguard
Tag

cache-poisoning

Safeguard articles tagged "cache-poisoning" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Application Security

DNS attack techniques and defenses

Cache poisoning, tunneling, and NXDOMAIN floods all abuse the same trust: DNS was built to be fast and open, not authenticated.

Jul 12, 20266 min read
Software Supply Chain Security

The Ultralytics AI pwn request supply chain attack

How a malicious pull request, a poisoned GitHub Actions cache, and a stored PyPI token turned the Ultralytics YOLO package into a cryptominer.

Jul 3, 20267 min read
Software Supply Chain Security

TanStack's Build Pipeline Got Hijacked and Still Signed Valid SLSA Provenance (May 2026)

On May 11, 2026, attackers chained a pull_request_target abuse, cache poisoning, and OIDC token theft to publish 84 malicious @tanstack npm versions from TanStack's own trusted pipeline. It is the first npm compromise to carry valid SLSA provenance.

May 15, 202611 min read
Emerging Technology

DNS Cache Poisoning for Software Updates: 2025

DNS cache poisoning is a known attack class with a new application: hijacking software update checks to ship malicious binaries that pass every signature check.

Mar 20, 20268 min read
Emerging Technology

GitHub Actions Cache Poisoning Attack Class 2025

GitHub Actions caches were never designed as a trust boundary. In 2025 researchers turned that mismatch into a repeatable supply-chain attack pattern.

Mar 17, 20268 min read
Web Security

Cache Poisoning Attacks: How They Work and How to Prevent Them

Cache poisoning attacks manipulate web caches to serve malicious content to other users. This guide covers web cache poisoning, DNS cache poisoning, and practical defenses for modern applications.

Sep 5, 20237 min read
Web Security

CDN Poisoning Attacks: How Cached Content Becomes a Weapon

CDN cache poisoning turns your performance infrastructure into an attack vector. When the cache serves malicious content to every user, the blast radius is massive and immediate.

Feb 12, 20236 min read
cache-poisoning — Safeguard Blog