incident-analysis
Safeguard articles tagged "incident-analysis" — guides, analysis, and best practices for software supply chain and application security.
52 articles
Shai-Hulud self-propagating npm worm campaign
Inside Shai-Hulud, the self-propagating npm worm that hijacked publish tokens to auto-infect hundreds of packages across the JavaScript ecosystem.
lottie-player npm supply chain compromise
A phishing-driven npm token takeover pushed a crypto wallet drainer into lottie-player, hitting 94K weekly downloads before LottieFiles shipped a fix.
jQuery CDN supply chain risk analysis
jQuery loads on ~75% of websites, often via CDNs with no SRI or version pinning. The cdnjs RCE and Polyfill.io hijack show why that trust model keeps failing.
XcodeGhost iOS supply chain malware campaign
XcodeGhost hid inside Xcode itself, silently infecting 4,000+ App Store apps like WeChat. Here is how the iOS supply chain malware campaign worked.
Dependency confusion attacks against major tech companies
A look at the dependency confusion attacks that hit Apple, Microsoft, PayPal, and PyTorch — and why the technique still works against top engineering orgs.
GitHub Actions supply chain risk report
A look at the tj-actions/changed-files compromise and the broader trend of GitHub Actions supply chain attacks — and what security teams should do now.
Docker Hub cryptojacking campaign analysis
Safeguard tracked a six-week Docker Hub cryptojacking campaign using 41 trojanized images, delayed payloads, and base-image laundering to evade scanners.
chalk and debug npm package compromise incident
A phished maintainer account led to a malicious npm publish of chalk, debug, and 16 related packages, exposing a crypto-clipper to billions of weekly downloads.
Zoom Incidents: Software Supply Chain Dimensions
Zoom's security history from 2020 onward reshaped how the industry thinks about conferencing software supply chains, from installers to third-party components.
Mailchimp 2022-2023 Incidents: A Timeline
Mailchimp disclosed three social-engineering-driven intrusions in thirteen months; the timeline illustrates how repeated incidents shape vendor trust.
Slack 2022-2023 Incidents: Operational Retrospective
Slack disclosed a stolen-token incident over the 2022 holidays and a related GitHub repository access event; the operational lessons apply broadly.
The GitHub Dependabot Token Incident: Retrospective
In 2023, attackers used stolen GitHub personal access tokens to push malicious commits masquerading as Dependabot; a short-sharp incident with lasting lessons.