incident-analysis
Safeguard articles tagged "incident-analysis" — guides, analysis, and best practices for software supply chain and application security.
52 articles
How to set up an incident response plan
A practical guide to building an incident response plan for software supply chain security, with a ready-to-use playbook template and concrete detection steps.
How to configure SIEM alerting rules
A step-by-step guide to configure SIEM alerting rules: from use case development through Splunk alert configuration to detection rule tuning.
event-stream / flatmap-stream npm backdoor incident
How a trusted npm maintainer handoff let attackers plant a wallet-draining backdoor in event-stream, and what it still teaches security teams today.
ctx and colourama PyPI typosquat malware incident
The ctx and colourama PyPI typosquatting malware incident shows how account takeover and name-squatting delivered credential-stealing code to devs.
The XZ Utils backdoor: anatomy of a supply chain attack
A two-year maintainer-trust takeover placed a pre-auth SSH backdoor inside xz-utils. Heres how CVE-2024-3094 was built, hidden, and caught in time.
Codecov Bash Uploader supply chain breach
A look back at the 2021 Codecov Bash Uploader breach: how a tampered CI script exfiltrated secrets for two months, and what it teaches about supply chain risk.
UAParser.js npm package compromise
A deep dive into the 2021 ua-parser-js npm compromise: how a hijacked maintainer account delivered cryptominers and credential stealers to millions.
Polyfill.io supply chain attack
How a domain sale turned a trusted CDN into a malware vector for 100,000+ sites — and what the polyfill.io incident teaches defenders about third-party script risk.
3CX desktop app supply chain compromise
A breakdown of the 3CX supply chain compromise: how Lazarus-linked attackers poisoned a signed desktop build via a nested vendor attack chain.
PHP Git server compromise incident (2021)
In 2021, attackers pushed a hidden RCE backdoor into PHP's own source repo under forged maintainer names — a supply chain near-miss worth revisiting.
Colors.js and Faker.js maintainer sabotage incident
In January 2022, colors.js and faker.js maintainer Marak Squires sabotaged his own packages, breaking thousands of builds—no compromise required.
node-ipc protestware incident
How a trusted maintainer turned node-ipc into "protestware," why transitive dependencies hid the blast radius, and what SBOM visibility could have prevented.