Safeguard
Tag

phishing

Safeguard articles tagged "phishing" — guides, analysis, and best practices for software supply chain and application security.

21 articles

Supply Chain Attacks

Anatomy of an npm maintainer account takeover

A single phishing email hit eslint-config-prettier's ~30M weekly downloads in July 2025 — no code compromise needed, just a stolen npm login.

Jul 9, 20266 min read
Vulnerability Guides

Open Redirect Vulnerabilities: Prevention Guide

An open redirect lets an attacker use your trusted domain to send victims anywhere — the ideal setup for phishing and OAuth token theft. Here's how to build redirects that can't be abused.

Jul 8, 20265 min read
Threat Research

Maintainer Account Takeover Attacks: Hijacking Trust in Open Source

A maintainer account takeover lets an attacker publish malicious versions of a trusted package under a legitimate identity. Here is how it happens and how to defend.

Jul 3, 20266 min read
Software Supply Chain Security

ESLint config-prettier maintainer npm account compromise

A phished maintainer account turned eslint-config-prettier and four sibling npm packages into a malicious install-time payload — here's what happened and how to check exposure.

Jun 29, 20266 min read
Application Security

Preventing open redirect vulnerabilities

Open redirect flaws turn trusted domains into phishing and OAuth-token-theft infrastructure. Here's how they work, how to find them, and how to fix them for good.

May 28, 20267 min read
Cryptocurrency Security

Fake Uniswap Google Ads Drained $400K: The Search-Ad Wallet Drainer Surge of May 2026

On May 26, 2026, on-chain investigators flagged a fake-Uniswap phishing operation that used Google search ads and lookalike domains to drain at least $400,000 by tricking users into signing malicious token approvals.

May 27, 202610 min read
Social Engineering

The 'Code of Conduct' Phishing Wave: AiTM Token Theft Hit 13,000 Orgs (May 2026)

Microsoft detailed a polished phishing campaign that weaponized fake HR 'code of conduct' investigations to steal session tokens via adversary-in-the-middle proxies, bypassing MFA across 13,000+ organizations in 26 countries.

May 13, 202611 min read
Data Breach

Škoda Auto Online Shop Breach (12 May 2026): An E-Commerce Software Flaw and the Credential-Reuse Tail

Škoda Auto disclosed on 12 May 2026 that attackers exploited a vulnerability in its German online shop to steal customer names, contact details, order data, and login credentials. The card data was safe; the credentials are the part that keeps paying out.

May 12, 202614 min read
Vulnerability Analysis

What is Phishing

Phishing drives more breaches than any other attack vector. Here's how it works, how it hits software supply chains, and how to defend against it.

Mar 26, 20268 min read
Vulnerability Analysis

What is Social Engineering

Social engineering causes 68% of breaches per Verizon's 2024 DBIR. Learn how it works, common attack types, and how it threatens the software supply chain.

Mar 25, 20266 min read
Threat Intelligence

Developer Social Engineering Campaigns 2024-2025

State-aligned and financially motivated actors now target individual developers with bespoke social engineering. Here is the tradecraft and what engineering leaders must do.

Mar 21, 20268 min read
Supply Chain Attacks

OSS Maintainer Account Takeover Trends 2025

A senior engineer's breakdown of how maintainer account takeovers evolved in 2025, from phishing kits targeting PyPI to session token theft on GitHub and npm.

Mar 7, 20267 min read
phishing — Safeguard Blog