Safeguard
Tag

incident-response

Safeguard articles tagged "incident-response" — guides, analysis, and best practices for software supply chain and application security.

95 articles

Cloud Security

High-profile AWS breaches: lessons learned

Capital One's 2019 breach exposed 106 million records through a single SSRF call to the EC2 metadata service — here's the exact control that would have stopped it.

Jul 8, 20266 min read
Best Practices

Secrets detection to prevent data breaches

GitGuardian found 12.8 million new secrets exposed on public GitHub in 2023, up 28% year over year — and most of them stayed live for days after leaking.

Jul 8, 20268 min read
Security Guides

OWASP A09: Security Logging and Monitoring Failures — A Deep-Dive Guide

Security Logging and Monitoring Failures rank #9 in the OWASP Top 10 (2021). A deep dive into undetected breaches, dwell time, real incidents, and how to fix it.

Jul 7, 20267 min read
Software Supply Chain Security

The Codecov Bash uploader breach

How a Docker image flaw let attackers tamper with Codecov's Bash Uploader for 65 days, exfiltrating CI secrets from HashiCorp, Twilio, and more.

Jul 6, 20267 min read
Software Supply Chain Security

3CX DesktopApp supply chain compromise

How North Korea-linked hackers turned a signed, trusted 3CX VoIP installer into malware — and the double supply chain attack that made it possible.

Jul 6, 20266 min read
Software Supply Chain Security

Axios npm package RAT supply chain compromise

A compromised maintainer account pushed malicious axios releases carrying a cross-platform RAT to npm on March 31, 2026 — here's the full timeline and IOCs.

Jul 3, 20267 min read
Solutions

Software Supply Chain Security for SRE Teams

For SRE teams, supply chain risk is a reliability problem — a zero-day in a production image is an incident waiting to page you. Here is how to own runtime posture, gate deploys, and answer 'where does this run?' in minutes instead of days.

Jul 2, 20266 min read
Security Guides

How to Rotate Leaked API Keys (2026 Playbook)

A leaked API key is a live credential until you kill it. Here is a provider-agnostic rotation playbook — grounded in the Toyota T-Connect and CircleCI incidents — that revokes access without breaking production.

Jul 1, 20267 min read
SBOM

Log4j-style incident response using SBOM inventories

How SBOM inventories turned days of Log4Shell triage into minutes-long queries — and why scanner-first tools like Mend.io struggled when every team needed answers at once.

May 22, 20268 min read
Concepts

What Is Security Logging?

Security logging records security-relevant events so activity can be monitored, investigated, and audited. Learn what to log, how it works, and the common pitfalls.

May 21, 20266 min read
Supply Chain

A Defender's Template for Package Registry Incident Communications, Built from the 2025-2026 Response Postmortems

The npm Shai-Hulud, PyPI credential-leak, and tj-actions response postmortems published through 2025-2026 reveal a common communication shape. Here is the template, the timing, and the policy that turns the template into a fast response.

May 14, 20267 min read
Compliance

SEC cybersecurity disclosure rules for public companies

The SEC's 2023 rules give public companies four business days to disclose material cyber incidents. Here's what triggers the clock, and how supply chain visibility keeps you compliant.

May 10, 20267 min read
incident-response (Page 2) — Safeguard Blog