supply-chain-attacks
Safeguard articles tagged "supply-chain-attacks" — guides, analysis, and best practices for software supply chain and application security.
58 articles
Postmortem: The Bun-Based Stealer Inside SAP's @cap-js and mbt Packages
Four SAP npm packages shipped a Bun-executed credential stealer on April 29, 2026 — a look at how it evaded Node-centric detection and what actually stops it.
Anatomy of an npm maintainer account takeover
A single phishing email hit eslint-config-prettier's ~30M weekly downloads in July 2025 — no code compromise needed, just a stolen npm login.
Inside the npm Reward-Farming Worm That Published 89,000+ Packages
One npm publishing bot exploited a crypto reward protocol to spam 89,000+ packages, some appearing every 7-10 seconds. Here's how it worked and how to spot it.
Anatomy of an npm Build-Pipeline Hijack That Shipped a Cross-Platform RAT
One stolen npm token, three malicious releases, four hours online — and 8 million weekly downloads exposed to a cross-platform credential stealer.
Anatomy of a self-propagating npm worm
In September 2025, one phished maintainer account led to malicious chalk and debug releases hitting over 2B weekly downloads within two hours.
A dormant contributor account just took down the entire Mastra npm scope
One forgotten npm maintainer account let an attacker republish all 142 packages in the @mastra scope in 90 minutes, hitting a package with 4 million monthly downloads.
npm typosquatting attacks
npm typosquatting turns a single mistyped `npm install` into a live compromise. Real incidents, attack patterns, and defenses that actually catch it.
The SolarWinds Orion supply chain attack explained
How SUNBURST hid inside a signed SolarWinds Orion update, hit 18,000 organizations, and reshaped supply chain security.
Supply Chain Attacks FAQ: 2026 Threats Explained
Answers to the most common questions about software supply chain attacks in 2026 — how they work, famous examples, the main techniques, and how to defend against them.
Software supply chain attack statistics and trends report
Software supply chain attacks keep climbing year over year. Here are the stats, incidents, and trends security teams need to know in 2026.
Software supply chain attacks: how they work and recent e...
Software supply chain attacks like SolarWinds, xz-utils, and polyfill.io bypass vulnerability scanners entirely. Here's how they work and where provenance verification fills the gap.
What is a Software Supply Chain Attack
A software supply chain attack compromises trusted dependencies or build systems to spread malicious code downstream — here's how it works, and how to stop it.