industry-analysis
Safeguard articles tagged "industry-analysis" — guides, analysis, and best practices for software supply chain and application security.
85 articles
WebExtension vulnerabilities in React DevTools and Vue.js DevTools
CVE-2023-5654 and CVE-2023-5718 exposed 5M+ React and Vue devtools users to postMessage flaws. Here's how devtools extensions became supply chain risk.
JavaScript frameworks security report
Safeguard's H1 2026 audit finds 61% of JS repos ship a high-severity framework CVE, with a 47-day median patch lag attackers routinely beat.
Snyk integrates with GitHub Advanced Security
Snyk's scanning engine is now embedded in GitHub Advanced Security. Here's what the integration covers, why it matters, and the alert-fatigue risk it creates.
Snyk Learn: interactive security training for developers
Snyk Learn popularized the developer security training platform. But without reachability-aware prioritization, training risks teaching developers to fix the wrong things.
DSPM Market Size: 2026 guide
DSPM spending is set to grow 25%+ annually through 2026. Here's how the market size breaks down, how Prisma Cloud fits in, and where supply chain security closes the gap.
Top cloud data security solutions
Prisma Cloud's DSPM bolts data classification onto a 30-module CNAPP after resources already exist in the cloud. Here's why that misses the supply chain risks that matter most.
Forecasting the cloud security landscape (annual predicti...
Where does cloud security head into 2027? We break down six concrete predictions on CNAPP consolidation, supply chain risk, and Prisma Cloud gaps.
Lateral movement
A precise breakdown of what lateral movement is, the MITRE ATT&CK techniques and pivoting methods attackers use, and how to detect them before they spread.
Insecure deserialization attack
A precise breakdown of what is an insecure deserialization attack, how object injection and gadget chains work in Java and Python, and how to defend against them.
Golden ticket attack
A golden ticket attack forges Kerberos TGTs using a stolen krbtgt hash, giving attackers persistent, near-total control over Active Directory.
Living off the land (LOTL) techniques
A precise breakdown of living off the land (LOTL) attacks: how LOLBins, fileless malware, and dual-use tool abuse let intruders hide in plain sight.
Node.js Security Best Practices
Node.js supply chain attacks like event-stream, ua-parser-js, and Shai-Hulud show why dependency depth is the real risk -- here's what actually reduces it.