Safeguard
Tag

incident-analysis

Safeguard articles tagged "incident-analysis" — guides, analysis, and best practices for software supply chain and application security.

52 articles

Incident Analysis

Shai-Hulud self-propagating npm worm campaign

Inside Shai-Hulud, the self-propagating npm worm that hijacked publish tokens to auto-infect hundreds of packages across the JavaScript ecosystem.

Nov 6, 20257 min read
Incident Analysis

lottie-player npm supply chain compromise

A phishing-driven npm token takeover pushed a crypto wallet drainer into lottie-player, hitting 94K weekly downloads before LottieFiles shipped a fix.

Nov 6, 20257 min read
Incident Analysis

jQuery CDN supply chain risk analysis

jQuery loads on ~75% of websites, often via CDNs with no SRI or version pinning. The cdnjs RCE and Polyfill.io hijack show why that trust model keeps failing.

Nov 6, 20258 min read
Incident Analysis

XcodeGhost iOS supply chain malware campaign

XcodeGhost hid inside Xcode itself, silently infecting 4,000+ App Store apps like WeChat. Here is how the iOS supply chain malware campaign worked.

Nov 6, 20258 min read
Incident Analysis

Dependency confusion attacks against major tech companies

A look at the dependency confusion attacks that hit Apple, Microsoft, PayPal, and PyTorch — and why the technique still works against top engineering orgs.

Nov 5, 20257 min read
Incident Analysis

GitHub Actions supply chain risk report

A look at the tj-actions/changed-files compromise and the broader trend of GitHub Actions supply chain attacks — and what security teams should do now.

Nov 5, 20257 min read
Incident Analysis

Docker Hub cryptojacking campaign analysis

Safeguard tracked a six-week Docker Hub cryptojacking campaign using 41 trojanized images, delayed payloads, and base-image laundering to evade scanners.

Nov 5, 20257 min read
Incident Analysis

chalk and debug npm package compromise incident

A phished maintainer account led to a malicious npm publish of chalk, debug, and 16 related packages, exposing a crypto-clipper to billions of weekly downloads.

Nov 5, 20257 min read
Incident Analysis

Zoom Incidents: Software Supply Chain Dimensions

Zoom's security history from 2020 onward reshaped how the industry thinks about conferencing software supply chains, from installers to third-party components.

Dec 28, 20247 min read
Incident Analysis

Mailchimp 2022-2023 Incidents: A Timeline

Mailchimp disclosed three social-engineering-driven intrusions in thirteen months; the timeline illustrates how repeated incidents shape vendor trust.

Nov 25, 20247 min read
Incident Analysis

Slack 2022-2023 Incidents: Operational Retrospective

Slack disclosed a stolen-token incident over the 2022 holidays and a related GitHub repository access event; the operational lessons apply broadly.

Oct 20, 20247 min read
Incident Analysis

The GitHub Dependabot Token Incident: Retrospective

In 2023, attackers used stolen GitHub personal access tokens to push malicious commits masquerading as Dependabot; a short-sharp incident with lasting lessons.

Aug 15, 20247 min read
incident-analysis (Page 4) — Safeguard Blog