software-supply-chain-attack
Safeguard articles tagged "software-supply-chain-attack" — guides, analysis, and best practices for software supply chain and application security.
15 articles
Why postinstall Scripts Became the Frontline of the Software Supply Chain Attack
Install-time script execution turned npm install and pip install into code-execution events. Here is how 2026's wave of attacks works, and the lockfile, allowlist, and sandbox discipline that actually stops it.
After the Worms: A CI/CD Security Playbook for Developer Credentials in 2026
The 2026 npm and PyPI worms proved that a trusted release pipeline is a credential vault. Here is what IronWorm and Mini Shai-Hulud actually exploited, and how to harden CI/CD before the next one lands.
RSAC 2026's Five Most Dangerous Attack Techniques: Every One Now Runs on AI
For the first time in the history of the SANS keynote, all five of the most dangerous new attack techniques carry an AI dimension — from AI-generated zero-days to your vendor's vendor's vendor. Here's the honest breakdown, plus what defenders should actually do.