Safeguard
Tag

incident-response

Safeguard articles tagged "incident-response" — guides, analysis, and best practices for software supply chain and application security.

95 articles

Regulatory Compliance

CISA's CI Fortify (May 2026): Planning Critical Infrastructure for Cyber Isolation and Recovery

On May 5, 2026, CISA launched CI Fortify, pushing critical infrastructure operators to plan for cyberattacks that sever their connections to the internet and telecom during a geopolitical crisis. We unpack the isolation and recovery objectives and what they demand of software supply chains.

May 7, 202611 min read
Vulnerability Analysis

Understanding zero-day vulnerabilities and incident response

A concrete look at zero-day vulnerabilities and incident response, using Log4Shell, MOVEit, and CISA KEV data to explain how fast defenders must move.

Apr 30, 20266 min read
Supply Chain

How npm's Takedown Response Time Compressed from Days to Hours During the 2025 Shai-Hulud Waves

AWS measured the September 8 chalk/debug compromise being removed within 2.5 hours and Shai-Hulud 2.0 in November within 12 hours. Here is how the registry-side response workflow operates and how to consume the signal.

Apr 2, 20267 min read
Best Practices

Incident Response for Supply Chain Attacks: A 2026 Playbook

A practical incident response playbook tailored for supply chain compromises — from initial detection through containment, eradication, and lessons learned.

Mar 28, 20268 min read
Vulnerability Analysis

What is Social Engineering

Social engineering causes 68% of breaches per Verizon's 2024 DBIR. Learn how it works, common attack types, and how it threatens the software supply chain.

Mar 25, 20266 min read
Guides

How to Rotate Leaked CI Secrets Without Downtime

A leaked CI credential does not have to mean an outage. The dual-credential pattern: issue new alongside old, cut over, verify with usage logs, then revoke — plus what to do after.

Mar 13, 20266 min read
Open Source Security

crates.io's Security Team in 2026: Response Workflow, Notification Policy Change, and the Alpha-Omega Investment

After the September 2025 phishing wave and the December evm-units removal, the crates.io team announced a notification policy update in February 2026 and the Rust Foundation deployed crate-scanning infrastructure funded by Alpha-Omega.

Mar 12, 20267 min read
Best Practices

How to Rotate Leaked Secrets With Automation (2026)

The 2026 playbook for automated secret rotation: detection pipelines, credential broker patterns, blast-radius analysis, and CI integration that actually holds up in production.

Mar 10, 20268 min read
Guides

How to Respond When a CVE Drops in a Package You Ship

A working playbook for the day a CVE lands in your dependency tree: confirm exposure with SBOM queries, judge real exploitability, patch or mitigate, then prove it and publish VEX.

Mar 6, 20266 min read
Best Practices

Reachability-Driven Incident Response Playbook

When CVE-X is announced and the world panics, reachability is the data that tells you whether to wake up the on-call team or wait until Monday.

Feb 28, 20263 min read
Incident Analysis

ProxyNotShell Postmortem: What the Exchange CVEs Taught About Patch Triage

ProxyNotShell forced enterprises to triage Exchange Server patching under pressure with confusing vendor guidance. A look back at CVE-2022-41040 and CVE-2022-41082.

Feb 27, 20265 min read
Incident Analysis

Incident Response Playbook for a Compromised Dependency

A concrete, timed playbook for the 72 hours after a critical dependency advisory — inventory, reachability, containment, remediation, and retrospective.

Feb 24, 20267 min read
incident-response (Page 3) — Safeguard Blog