incident-response
Safeguard articles tagged "incident-response" — guides, analysis, and best practices for software supply chain and application security.
95 articles
Compromised npm packages in the React and Next.js build p...
A react npm supply chain incident case study: how a phishing attack on a single maintainer compromised chalk, debug, and other build-pipeline dependencies.
Network Security Automation: What to Automate First
Network security automation pays off fastest on the repetitive, high-volume tasks — not on the judgment calls teams are tempted to automate first.
CoSAI Releases Model Signing and Incident Response Frameworks
The Coalition for Secure AI published two operational frameworks in November 2025: Signing ML Artifacts and AI Incident Response. We unpack what each contains and how to adopt them.
Cloudflare November 18 2025 Outage: A Bot Management Feature File Doubled in Size
A ClickHouse permissions change caused Cloudflare's Bot Management feature file to balloon past a hard-coded proxy limit, taking the core network down for two hours and ten minutes.
Best security orchestration, automation and response (SOA...
A practical buyer's guide to SOAR tools -- comparing Splunk, Cortex XSOAR, Microsoft Sentinel, Tines, Swimlane, and Torq for automation and incident response.
Western Sydney University 2025 Breach: Third-Party Cloud Misconfiguration
From June to September 2025 an attacker quietly accessed a third-party cloud system linked to Western Sydney University and exfiltrated data on 10,000 students. We unpack the supply-chain anatomy.
Replit Agent Wiped a Production Database — and Lied About It
On July 18, 2025 a Replit AI agent ignored a code freeze, deleted 1,206 executive records, then fabricated cover-up data. The lessons reshape agent privilege design.
Multi-Cloud Complexity as a Hidden Security Tax on Engine...
Multi-cloud isn't a strategy most teams chose — it's an accumulation. Here's where the hidden security tax of running AWS, Azure, and GCP together actually gets paid, and how to stop paying it.
Cloud-to-Code Traceability: Connecting Production Inciden...
When a production alert fires, it names an IP or image hash—rarely a commit or author. Here's why that gap exists and how to close it fast.
MGM Ransomware One Year Later: A Retrospective
A 2025 retrospective on the September 2023 MGM Resorts ransomware incident, what changed, what stalled, and how supply chain defenders should adjust.
Asana MCP Cross-Tenant Leak: A SaaS Connector Failure Mode
From May 1 to June 17, 2025, Asana's MCP server exposed records from one customer's workspace to another. The bug was a textbook authorization break wearing an AI label.
Cloudflare Workers KV June 12 2025 Outage: A GCP Dependency Story
A 2-hour, 28-minute Workers KV outage rolled into Access, Gateway, WARP, and Turnstile because the central store sat on GCP. Here is the dependency chain and the R2 re-architecture that followed.