sunburst
Safeguard articles tagged "sunburst" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Build Pipeline Compromise: When the Factory Ships the Malware
A build pipeline compromise injects malicious code during CI/CD, so the software you sign and ship is already backdoored. Here is how it works and how to defend.
Lessons from SolarWinds: When the Build Pipeline Becomes the Attack Surface
The SUNBURST backdoor reached roughly 18,000 organizations through a trojanized SolarWinds Orion update. Here is what actually happened, and the defenses that hold up years later.
The SolarWinds Supply Chain Attack Explained
How Russian intelligence hijacked SolarWinds' build system to backdoor Orion updates for 18,000 customers, and what security teams must do now.
SolarWinds Sunburst: Five Years of Lessons in 2026
Half a decade after Sunburst, the build system compromise still defines how we think about software supply chain risk. A look at what stuck and what did not.
SolarWinds Lessons Two Years On: What Actually Changed
Two years after the SolarWinds SUNBURST compromise, the industry has new frameworks and new vocabulary — but has the build pipeline actually gotten harder to attack?
SolarWinds SUNBURST: Lessons for Supply Chain Security
The SolarWinds attack compromised 18,000 organizations through a single tampered update. Six months later, here's what the industry should have learned.
SunBurst: A Supply Chain Attack Evolution Study
The SolarWinds SunBurst campaign rewrote the supply chain threat model. Five years of research reveal what changed and what defenders still miss.