Safeguard
Tag

software-supply-chain-attack

Safeguard articles tagged "software-supply-chain-attack" — guides, analysis, and best practices for software supply chain and application security.

15 articles

Product

Introducing the Package Firewall and AI Model-Artifact Scanning

Two supply-chain defenses are rolling out on Safeguard: an install-time Package Firewall that blocks malicious npm and pip packages before they resolve, and AI model-artifact scanning that inspects model weights — now including ONNX — for malware before they load.

Jul 6, 20265 min read
Buyer's Guides

Best Software Supply Chain Security Platforms in 2026: A Buyer's Guide

An honest, side-by-side guide to the best software supply chain security platforms in 2026 — what each tool is genuinely good at, who it fits, and how to choose between zero-CVE, SCA, reachability, and CNAPP approaches.

Jun 24, 20266 min read
Threat Intelligence

2026 Mid-Year Threat Landscape: Supply-Chain Worms, Agentic AI, and Edge Zero-Days

A defender's synthesis of the first half of 2026 — self-propagating package worms, the agentic-AI access-control problem, edge-appliance zero-days, and a healthcare ransomware surge — and what to prioritize next.

Jun 24, 20265 min read
Supply Chain Security

Software Supply Chain Attack at Scale: npm, PyPI, and Docker Hub Hit in 48 Hours

GitGuardian documented three distinct supply-chain campaigns striking npm, PyPI, and Docker Hub inside a single 48-hour window in April 2026. The simultaneity tells you more about attacker tooling than any single payload does.

Jun 24, 20267 min read
Supply Chain Security

CVE-2026-45321: Anatomy of the TanStack npm and PyPI Supply Chain Worm

The Mini Shai-Hulud worm hit TanStack, Mistral AI, UiPath and 170+ npm and PyPI packages by hijacking a trusted release pipeline mid-run. Here is how the software supply chain attack actually worked, and what it changes.

Jun 23, 20267 min read
Threat Intelligence

TeamPCP: Running a Software Supply Chain Attack Like a Production Pipeline

TeamPCP (UNC6780) is the most active actor in the 2026 supply chain corpus, weaponizing the tools developers trust most. Here is how the operation works, and why a zero-CVE campaign breaks the model most teams still rely on.

Jun 23, 20267 min read
Supply Chain Security

IronWorm: A Rust eBPF Rootkit Worm Hits the npm Supply Chain

IronWorm is a compiled Rust npm worm with a kernel-level eBPF rootkit, Tor C2, and OIDC-based self-propagation. It is the engineering ceiling of 2026 software supply chain attacks — and it carries no CVE.

Jun 22, 20267 min read
Supply Chain Security

PyTorch Lightning PyPI Compromise: A Software Supply Chain Attack Built to Drain ML Credentials

In April 2026, attackers pushed malicious versions of the lightning PyPI package and an npm intercom-client release, harvesting cloud, CI/CD, and GitHub credentials. Here is what happened and why ML tooling is now a prime supply chain target.

Jun 20, 20266 min read
Threat Intelligence

The Klue Breach: One Legacy Credential Turned Into a SaaS Supply Chain Attack on Salesforce and Gong

Attackers used a disused legacy credential at marketing-intelligence vendor Klue to push code that harvested customer OAuth tokens, then walked into Salesforce and Gong instances. A textbook SaaS-to-SaaS supply chain pivot.

Jun 17, 20266 min read
Supply Chain Security

eBPF Rootkits Go Mainstream: Inside IronWorm and the Kernel-Level Turn in Supply Chain Malware

IronWorm shipped a kernel-level eBPF rootkit inside dozens of npm packages, hiding the very processes your security tools rely on seeing. Here is what changed, and how to detect kernel-level supply chain malware before it blinds you.

Jun 16, 20267 min read
Vulnerabilities

Squidbleed (CVE-2026-47729): A 1997 Default Comes Back to Bite Squid

A one-line FTP-parsing bug from 1997 lets any user of a shared Squid proxy read other people's cleartext HTTP requests. We break down the root cause, why ancient defaults survive, and how to remediate.

Jun 15, 20267 min read
Threat Intelligence

OAuth Token Theft: The SaaS-to-SaaS Supply Chain Is the New Soft Target

The Klue and Salesloft Drift breaches showed the same pattern: steal one integration's OAuth tokens, inherit trusted access into hundreds of customer SaaS instances. Here is why third-party app grants are the supply chain risk most teams still aren't governing.

Jun 8, 20267 min read
software-supply-chain-attack — Safeguard Blog