incident-response
Safeguard articles tagged "incident-response" — guides, analysis, and best practices for software supply chain and application security.
95 articles
CISA's CI Fortify (May 2026): Planning Critical Infrastructure for Cyber Isolation and Recovery
On May 5, 2026, CISA launched CI Fortify, pushing critical infrastructure operators to plan for cyberattacks that sever their connections to the internet and telecom during a geopolitical crisis. We unpack the isolation and recovery objectives and what they demand of software supply chains.
Understanding zero-day vulnerabilities and incident response
A concrete look at zero-day vulnerabilities and incident response, using Log4Shell, MOVEit, and CISA KEV data to explain how fast defenders must move.
How npm's Takedown Response Time Compressed from Days to Hours During the 2025 Shai-Hulud Waves
AWS measured the September 8 chalk/debug compromise being removed within 2.5 hours and Shai-Hulud 2.0 in November within 12 hours. Here is how the registry-side response workflow operates and how to consume the signal.
Incident Response for Supply Chain Attacks: A 2026 Playbook
A practical incident response playbook tailored for supply chain compromises — from initial detection through containment, eradication, and lessons learned.
What is Social Engineering
Social engineering causes 68% of breaches per Verizon's 2024 DBIR. Learn how it works, common attack types, and how it threatens the software supply chain.
How to Rotate Leaked CI Secrets Without Downtime
A leaked CI credential does not have to mean an outage. The dual-credential pattern: issue new alongside old, cut over, verify with usage logs, then revoke — plus what to do after.
crates.io's Security Team in 2026: Response Workflow, Notification Policy Change, and the Alpha-Omega Investment
After the September 2025 phishing wave and the December evm-units removal, the crates.io team announced a notification policy update in February 2026 and the Rust Foundation deployed crate-scanning infrastructure funded by Alpha-Omega.
How to Rotate Leaked Secrets With Automation (2026)
The 2026 playbook for automated secret rotation: detection pipelines, credential broker patterns, blast-radius analysis, and CI integration that actually holds up in production.
How to Respond When a CVE Drops in a Package You Ship
A working playbook for the day a CVE lands in your dependency tree: confirm exposure with SBOM queries, judge real exploitability, patch or mitigate, then prove it and publish VEX.
Reachability-Driven Incident Response Playbook
When CVE-X is announced and the world panics, reachability is the data that tells you whether to wake up the on-call team or wait until Monday.
ProxyNotShell Postmortem: What the Exchange CVEs Taught About Patch Triage
ProxyNotShell forced enterprises to triage Exchange Server patching under pressure with confusing vendor guidance. A look back at CVE-2022-41040 and CVE-2022-41082.
Incident Response Playbook for a Compromised Dependency
A concrete, timed playbook for the 72 hours after a critical dependency advisory — inventory, reachability, containment, remediation, and retrospective.