incident-response
Safeguard articles tagged "incident-response" — guides, analysis, and best practices for software supply chain and application security.
95 articles
High-profile AWS breaches: lessons learned
Capital One's 2019 breach exposed 106 million records through a single SSRF call to the EC2 metadata service — here's the exact control that would have stopped it.
Secrets detection to prevent data breaches
GitGuardian found 12.8 million new secrets exposed on public GitHub in 2023, up 28% year over year — and most of them stayed live for days after leaking.
OWASP A09: Security Logging and Monitoring Failures — A Deep-Dive Guide
Security Logging and Monitoring Failures rank #9 in the OWASP Top 10 (2021). A deep dive into undetected breaches, dwell time, real incidents, and how to fix it.
The Codecov Bash uploader breach
How a Docker image flaw let attackers tamper with Codecov's Bash Uploader for 65 days, exfiltrating CI secrets from HashiCorp, Twilio, and more.
3CX DesktopApp supply chain compromise
How North Korea-linked hackers turned a signed, trusted 3CX VoIP installer into malware — and the double supply chain attack that made it possible.
Axios npm package RAT supply chain compromise
A compromised maintainer account pushed malicious axios releases carrying a cross-platform RAT to npm on March 31, 2026 — here's the full timeline and IOCs.
Software Supply Chain Security for SRE Teams
For SRE teams, supply chain risk is a reliability problem — a zero-day in a production image is an incident waiting to page you. Here is how to own runtime posture, gate deploys, and answer 'where does this run?' in minutes instead of days.
How to Rotate Leaked API Keys (2026 Playbook)
A leaked API key is a live credential until you kill it. Here is a provider-agnostic rotation playbook — grounded in the Toyota T-Connect and CircleCI incidents — that revokes access without breaking production.
Log4j-style incident response using SBOM inventories
How SBOM inventories turned days of Log4Shell triage into minutes-long queries — and why scanner-first tools like Mend.io struggled when every team needed answers at once.
What Is Security Logging?
Security logging records security-relevant events so activity can be monitored, investigated, and audited. Learn what to log, how it works, and the common pitfalls.
A Defender's Template for Package Registry Incident Communications, Built from the 2025-2026 Response Postmortems
The npm Shai-Hulud, PyPI credential-leak, and tj-actions response postmortems published through 2025-2026 reveal a common communication shape. Here is the template, the timing, and the policy that turns the template into a fast response.
SEC cybersecurity disclosure rules for public companies
The SEC's 2023 rules give public companies four business days to disclose material cyber incidents. Here's what triggers the clock, and how supply chain visibility keeps you compliant.