incident-response
Safeguard articles tagged "incident-response" — guides, analysis, and best practices for software supply chain and application security.
95 articles
EU Cybersecurity Reserve: Trusted Providers Under the Cyber Solidarity Act
The EU Cybersecurity Reserve under Regulation (EU) 2025/38 mobilises trusted private incident-response providers to support Member States facing significant cyber incidents.
Cloudflare R2 March 21, 2025 Outage: A Credential Rotation Postmortem
A missing --env flag during a Wrangler secret rotation took R2 writes to zero for 67 minutes. Here is the failure mode and the deployment guardrails that should have caught it.
EU Cyber Solidarity Act: Regulation 2025/38 in Force
Regulation (EU) 2025/38 entered into force on 4 February 2025, establishing an EU Cybersecurity Reserve, alert system of cross-border hubs, and ENISA-led incident review mechanism.
Cloudflare R2 February 6, 2025 Outage: When Abuse Tooling Took Down Production
A routine phishing-URL takedown clicked the wrong button and disabled R2 globally for 59 minutes. Here is what went wrong and the two-party approval Cloudflare added afterwards.
Ascension Health Black Basta Ransomware: 5.6M Patients Impacted
Black Basta encrypted Ascension's network on May 8, 2024 via a malicious file downloaded by an employee, diverting ambulances across 140 hospitals and ultimately notifying 5.6 million patients.
Medusa Ransomware: How Supply Chain Tactics Fuel a Growing Threat
Medusa ransomware has evolved beyond traditional encryption schemes, leveraging supply chain compromise to infiltrate victims. Here's what defenders need to know.
Salt Typhoon Telco Intrusion: What We Know
Salt Typhoon breached at least nine U.S. carriers, exposing lawful intercept systems. We unpack the attack chain and what telcos must fix in 2025.
Post-Incident Vendor Coordination
When a vendor's incident affects you, the coordination work between their IR team and your ops becomes its own project. How to run it well.
Code Signing Infrastructure Breach Response
A compromised signing key is the quietest crisis in security. A concrete playbook for responding when your code signing infrastructure is implicated.
Incident Response Playbook: Supply Chain Compromise
A step-by-step playbook for responding to upstream dependency, build system, and vendor compromises, including roles, timelines, and stakeholder communications.
CrowdStrike Falcon Global Outage: A Post-Mortem Deep Dive
A technical reconstruction of the July 19 CrowdStrike Falcon sensor crash that grounded 8.5M Windows hosts, and what supply chain owners should change.
CrowdStrike Falcon Update Triggers Global IT Outage: What Happened
On July 19, 2024, a faulty CrowdStrike Falcon sensor update caused 8.5 million Windows machines to blue-screen worldwide, grounding flights, halting hospitals, and exposing the fragility of centralized security infrastructure.