Safeguard
Tag

incident-response

Safeguard articles tagged "incident-response" — guides, analysis, and best practices for software supply chain and application security.

95 articles

Policy

EU Cybersecurity Reserve: Trusted Providers Under the Cyber Solidarity Act

The EU Cybersecurity Reserve under Regulation (EU) 2025/38 mobilises trusted private incident-response providers to support Member States facing significant cyber incidents.

Apr 23, 20256 min read
Cloud Security

Cloudflare R2 March 21, 2025 Outage: A Credential Rotation Postmortem

A missing --env flag during a Wrangler secret rotation took R2 writes to zero for 67 minutes. Here is the failure mode and the deployment guardrails that should have caught it.

Mar 26, 20257 min read
Regulation

EU Cyber Solidarity Act: Regulation 2025/38 in Force

Regulation (EU) 2025/38 entered into force on 4 February 2025, establishing an EU Cybersecurity Reserve, alert system of cross-border hubs, and ENISA-led incident review mechanism.

Mar 17, 20257 min read
Cloud Security

Cloudflare R2 February 6, 2025 Outage: When Abuse Tooling Took Down Production

A routine phishing-URL takedown clicked the wrong button and disabled R2 globally for 59 minutes. Here is what went wrong and the two-party approval Cloudflare added afterwards.

Feb 10, 20257 min read
Incident Analysis

Ascension Health Black Basta Ransomware: 5.6M Patients Impacted

Black Basta encrypted Ascension's network on May 8, 2024 via a malicious file downloaded by an employee, diverting ambulances across 140 hospitals and ultimately notifying 5.6 million patients.

Jan 22, 20256 min read
Threat Intelligence

Medusa Ransomware: How Supply Chain Tactics Fuel a Growing Threat

Medusa ransomware has evolved beyond traditional encryption schemes, leveraging supply chain compromise to infiltrate victims. Here's what defenders need to know.

Jan 15, 20256 min read
Incident Analysis

Salt Typhoon Telco Intrusion: What We Know

Salt Typhoon breached at least nine U.S. carriers, exposing lawful intercept systems. We unpack the attack chain and what telcos must fix in 2025.

Jan 14, 20254 min read
Best Practices

Post-Incident Vendor Coordination

When a vendor's incident affects you, the coordination work between their IR team and your ops becomes its own project. How to run it well.

Dec 20, 20246 min read
Best Practices

Code Signing Infrastructure Breach Response

A compromised signing key is the quietest crisis in security. A concrete playbook for responding when your code signing infrastructure is implicated.

Nov 10, 20246 min read
Best Practices

Incident Response Playbook: Supply Chain Compromise

A step-by-step playbook for responding to upstream dependency, build system, and vendor compromises, including roles, timelines, and stakeholder communications.

Aug 19, 20246 min read
Incident Analysis

CrowdStrike Falcon Global Outage: A Post-Mortem Deep Dive

A technical reconstruction of the July 19 CrowdStrike Falcon sensor crash that grounded 8.5M Windows hosts, and what supply chain owners should change.

Jul 25, 20245 min read
Incident Analysis

CrowdStrike Falcon Update Triggers Global IT Outage: What Happened

On July 19, 2024, a faulty CrowdStrike Falcon sensor update caused 8.5 million Windows machines to blue-screen worldwide, grounding flights, halting hospitals, and exposing the fragility of centralized security infrastructure.

Jul 19, 20246 min read
incident-response (Page 6) — Safeguard Blog