supply-chain-attack
Safeguard articles tagged "supply-chain-attack" — guides, analysis, and best practices for software supply chain and application security.
26 articles
Lessons from the 3CX Attack: The First Supply Chain Attack Caused by Another
3CX shipped a trojanized version of its own softphone through official updates in 2023 — because an employee installed compromised trading software. Here is the cascade, and its lessons.
Lessons from the Codecov Breach: When Your CI Secrets Walk Out the Door
For two months in 2021, Codecov's Bash Uploader quietly exfiltrated CI environment variables. Here is how a single trusted script became a mass credential-harvesting operation.
Lessons from SolarWinds: When the Build Pipeline Becomes the Attack Surface
The SUNBURST backdoor reached roughly 18,000 organizations through a trojanized SolarWinds Orion update. Here is what actually happened, and the defenses that hold up years later.
A forgotten contributor account compromised the Mastra npm scope
A dormant npm account with unrevoked publish rights let attackers trojanize 144 @mastra packages in 88 minutes, dropping a crypto-wallet RAT tied to Sapphire Sleet.
TrapDoor: The Cross-Ecosystem Crypto Stealer That Targeted DeFi Developers (May 2026)
Socket disclosed TrapDoor on May 24, 2026: 34+ malicious packages and 384+ versions across npm, PyPI, and Crates.io built to steal crypto wallets, SSH keys, and cloud credentials from crypto, DeFi, Solana, and AI developers.
Malicious browser and IDE extensions (Chrome, Firefox, VS...
How the Cyberhaven Chrome extension breach and the GlassWorm Open VSX worm exposed a supply chain blind spot that dependency scanners like Socket.dev don't cover.
XZ Utils backdoor discovery (CVE-2024-3094)
A deep dive into CVE-2024-3094, the XZ Utils backdoor: affected versions, CVSS/EPSS context, full attack timeline, and remediation steps.
The torchtriton Dependency Confusion Attack on PyTorch-Ni...
How a namespace gap on PyPI let a malicious "torchtriton" package hijack PyTorch-nightly installs for five days, and what it teaches about ML supply chain security.
The 'ctx' PyPI Package Hijack via Expired Maintainer Domain
In 2022, attackers bought an expired domain, reset a PyPI maintainer's email, and hijacked the ctx package to steal environment variables from unsuspecting installs.
The tj-actions/changed-files GitHub Action Supply Chain C...
CVE-2025-30066 exposed how a compromised tj-actions/changed-files GitHub Action leaked CI/CD secrets into build logs across 23,000+ repos. Timeline, impact, and fixes.
Polyfill.io supply chain attack
How a domain sale turned a trusted CDN into a malware vector for 100,000+ sites — and what the polyfill.io incident teaches defenders about third-party script risk.
3CX desktop app supply chain compromise
A breakdown of the 3CX supply chain compromise: how Lazarus-linked attackers poisoned a signed desktop build via a nested vendor attack chain.