Safeguard
Tag

incident-analysis

Safeguard articles tagged "incident-analysis" — guides, analysis, and best practices for software supply chain and application security.

52 articles

Incident Analysis

How to set up an incident response plan

A practical guide to building an incident response plan for software supply chain security, with a ready-to-use playbook template and concrete detection steps.

Feb 9, 20268 min read
Incident Analysis

How to configure SIEM alerting rules

A step-by-step guide to configure SIEM alerting rules: from use case development through Splunk alert configuration to detection rule tuning.

Feb 9, 20268 min read
Incident Analysis

event-stream / flatmap-stream npm backdoor incident

How a trusted npm maintainer handoff let attackers plant a wallet-draining backdoor in event-stream, and what it still teaches security teams today.

Jan 4, 20266 min read
Incident Analysis

ctx and colourama PyPI typosquat malware incident

The ctx and colourama PyPI typosquatting malware incident shows how account takeover and name-squatting delivered credential-stealing code to devs.

Dec 29, 20257 min read
Incident Analysis

The XZ Utils backdoor: anatomy of a supply chain attack

A two-year maintainer-trust takeover placed a pre-auth SSH backdoor inside xz-utils. Heres how CVE-2024-3094 was built, hidden, and caught in time.

Nov 8, 20257 min read
Incident Analysis

Codecov Bash Uploader supply chain breach

A look back at the 2021 Codecov Bash Uploader breach: how a tampered CI script exfiltrated secrets for two months, and what it teaches about supply chain risk.

Nov 8, 20257 min read
Incident Analysis

UAParser.js npm package compromise

A deep dive into the 2021 ua-parser-js npm compromise: how a hijacked maintainer account delivered cryptominers and credential stealers to millions.

Nov 8, 20257 min read
Incident Analysis

Polyfill.io supply chain attack

How a domain sale turned a trusted CDN into a malware vector for 100,000+ sites — and what the polyfill.io incident teaches defenders about third-party script risk.

Nov 8, 20257 min read
Incident Analysis

3CX desktop app supply chain compromise

A breakdown of the 3CX supply chain compromise: how Lazarus-linked attackers poisoned a signed desktop build via a nested vendor attack chain.

Nov 7, 20257 min read
Incident Analysis

PHP Git server compromise incident (2021)

In 2021, attackers pushed a hidden RCE backdoor into PHP's own source repo under forged maintainer names — a supply chain near-miss worth revisiting.

Nov 7, 20258 min read
Incident Analysis

Colors.js and Faker.js maintainer sabotage incident

In January 2022, colors.js and faker.js maintainer Marak Squires sabotaged his own packages, breaking thousands of builds—no compromise required.

Nov 7, 20257 min read
Incident Analysis

node-ipc protestware incident

How a trusted maintainer turned node-ipc into "protestware," why transitive dependencies hid the blast radius, and what SBOM visibility could have prevented.

Nov 7, 20257 min read
incident-analysis (Page 3) — Safeguard Blog