phishing
Safeguard articles tagged "phishing" — guides, analysis, and best practices for software supply chain and application security.
21 articles
Anatomy of an npm maintainer account takeover
A single phishing email hit eslint-config-prettier's ~30M weekly downloads in July 2025 — no code compromise needed, just a stolen npm login.
Open Redirect Vulnerabilities: Prevention Guide
An open redirect lets an attacker use your trusted domain to send victims anywhere — the ideal setup for phishing and OAuth token theft. Here's how to build redirects that can't be abused.
Maintainer Account Takeover Attacks: Hijacking Trust in Open Source
A maintainer account takeover lets an attacker publish malicious versions of a trusted package under a legitimate identity. Here is how it happens and how to defend.
ESLint config-prettier maintainer npm account compromise
A phished maintainer account turned eslint-config-prettier and four sibling npm packages into a malicious install-time payload — here's what happened and how to check exposure.
Preventing open redirect vulnerabilities
Open redirect flaws turn trusted domains into phishing and OAuth-token-theft infrastructure. Here's how they work, how to find them, and how to fix them for good.
Fake Uniswap Google Ads Drained $400K: The Search-Ad Wallet Drainer Surge of May 2026
On May 26, 2026, on-chain investigators flagged a fake-Uniswap phishing operation that used Google search ads and lookalike domains to drain at least $400,000 by tricking users into signing malicious token approvals.
The 'Code of Conduct' Phishing Wave: AiTM Token Theft Hit 13,000 Orgs (May 2026)
Microsoft detailed a polished phishing campaign that weaponized fake HR 'code of conduct' investigations to steal session tokens via adversary-in-the-middle proxies, bypassing MFA across 13,000+ organizations in 26 countries.
Škoda Auto Online Shop Breach (12 May 2026): An E-Commerce Software Flaw and the Credential-Reuse Tail
Škoda Auto disclosed on 12 May 2026 that attackers exploited a vulnerability in its German online shop to steal customer names, contact details, order data, and login credentials. The card data was safe; the credentials are the part that keeps paying out.
What is Phishing
Phishing drives more breaches than any other attack vector. Here's how it works, how it hits software supply chains, and how to defend against it.
What is Social Engineering
Social engineering causes 68% of breaches per Verizon's 2024 DBIR. Learn how it works, common attack types, and how it threatens the software supply chain.
Developer Social Engineering Campaigns 2024-2025
State-aligned and financially motivated actors now target individual developers with bespoke social engineering. Here is the tradecraft and what engineering leaders must do.
OSS Maintainer Account Takeover Trends 2025
A senior engineer's breakdown of how maintainer account takeovers evolved in 2025, from phishing kits targeting PyPI to session token theft on GitHub and npm.