Safeguard
Tag

industry-analysis

Safeguard articles tagged "industry-analysis" — guides, analysis, and best practices for software supply chain and application security.

85 articles

Industry Analysis

WebExtension vulnerabilities in React DevTools and Vue.js DevTools

CVE-2023-5654 and CVE-2023-5718 exposed 5M+ React and Vue devtools users to postMessage flaws. Here's how devtools extensions became supply chain risk.

Apr 28, 20267 min read
Industry Analysis

JavaScript frameworks security report

Safeguard's H1 2026 audit finds 61% of JS repos ship a high-severity framework CVE, with a 47-day median patch lag attackers routinely beat.

Apr 24, 20267 min read
Industry Analysis

Snyk integrates with GitHub Advanced Security

Snyk's scanning engine is now embedded in GitHub Advanced Security. Here's what the integration covers, why it matters, and the alert-fatigue risk it creates.

Apr 23, 20266 min read
Industry Analysis

Snyk Learn: interactive security training for developers

Snyk Learn popularized the developer security training platform. But without reachability-aware prioritization, training risks teaching developers to fix the wrong things.

Apr 22, 20267 min read
Industry Analysis

DSPM Market Size: 2026 guide

DSPM spending is set to grow 25%+ annually through 2026. Here's how the market size breaks down, how Prisma Cloud fits in, and where supply chain security closes the gap.

Apr 11, 20268 min read
Industry Analysis

Top cloud data security solutions

Prisma Cloud's DSPM bolts data classification onto a 30-module CNAPP after resources already exist in the cloud. Here's why that misses the supply chain risks that matter most.

Apr 8, 20268 min read
Industry Analysis

Forecasting the cloud security landscape (annual predicti...

Where does cloud security head into 2027? We break down six concrete predictions on CNAPP consolidation, supply chain risk, and Prisma Cloud gaps.

Apr 8, 20267 min read
Industry Analysis

Lateral movement

A precise breakdown of what lateral movement is, the MITRE ATT&CK techniques and pivoting methods attackers use, and how to detect them before they spread.

Feb 26, 20268 min read
Industry Analysis

Insecure deserialization attack

A precise breakdown of what is an insecure deserialization attack, how object injection and gadget chains work in Java and Python, and how to defend against them.

Feb 25, 20267 min read
Industry Analysis

Golden ticket attack

A golden ticket attack forges Kerberos TGTs using a stolen krbtgt hash, giving attackers persistent, near-total control over Active Directory.

Feb 25, 20268 min read
Industry Analysis

Living off the land (LOTL) techniques

A precise breakdown of living off the land (LOTL) attacks: how LOLBins, fileless malware, and dual-use tool abuse let intruders hide in plain sight.

Feb 24, 20268 min read
Industry Analysis

Node.js Security Best Practices

Node.js supply chain attacks like event-stream, ua-parser-js, and Shai-Hulud show why dependency depth is the real risk -- here's what actually reduces it.

Feb 24, 20266 min read
industry-analysis (Page 2) — Safeguard Blog