Safeguard
Tag

supply-chain-attacks

Safeguard articles tagged "supply-chain-attacks" — guides, analysis, and best practices for software supply chain and application security.

58 articles

Best Practices

Incident Response for Supply Chain Attacks: A 2026 Playbook

A practical incident response playbook tailored for supply chain compromises — from initial detection through containment, eradication, and lessons learned.

Mar 28, 20268 min read
Supply Chain Attacks

How to Detect Dependency Confusion Attacks Before They Ship

Dependency confusion still works in 2026 because teams keep missing the same three controls. Here's how to detect and block it in npm, pip, and Maven.

Mar 27, 20268 min read
Dependency Security

Mitigating npm Install Scripts Without Breaking Your Build

`--ignore-scripts` is the blunt fix that breaks node-sass and better-sqlite3. Here is the surgical version that keeps builds green and postinstalls contained.

Mar 9, 20267 min read
Threat Intelligence

The Supply Chain Attack Kill Chain: A Framework for Defense

We propose a kill chain framework specific to software supply chain attacks, mapping attacker techniques to defensive controls at each stage.

Mar 5, 20266 min read
Threat Intelligence

Volt Typhoon: Critical Infrastructure Supply Chain

Volt Typhoon is pre-positioning inside U.S. critical infrastructure using living-off-the-land tradecraft and third-party access. Here is what defenders should do about it.

Mar 2, 20266 min read
Threat Intelligence

Cozy Bear / Midnight Blizzard Supply Chain Tactics

Midnight Blizzard (APT29, Cozy Bear) has refined long-dwell supply chain access into an operational art. Here is what their 2023-2025 pattern looks like to defenders.

Feb 25, 20266 min read
Incident Analysis

Incident Response Playbook for a Compromised Dependency

A concrete, timed playbook for the 72 hours after a critical dependency advisory — inventory, reachability, containment, remediation, and retrospective.

Feb 24, 20267 min read
Threat Intelligence

DPRK IT Worker Supply Chain Insider Threat

DPRK operatives have placed themselves inside Western companies as remote developers. Here is how that pattern functions as a supply chain threat and how to detect it.

Feb 20, 20266 min read
Incident Analysis

Hugging Face Model Hub Supply Chain Risks in 2025

Pickle deserialization, malicious Spaces, and namespace squatting: what 2024-2025 taught us about the Hugging Face model supply chain.

Feb 20, 20267 min read
Threat Intelligence

Black Basta Ransomware Leak Lessons Learned

The Black Basta chat leak gave defenders a rare inside view of how a ransomware program operates. Here are the durable engineering lessons to take from it.

Feb 17, 20266 min read
Threat Intelligence

LockBit Takedown: What Came After

Operation Cronos disrupted LockBit's infrastructure but not the underlying affiliate economy. Here is what actually changed and what defenders should take from it into 2026.

Feb 13, 20267 min read
Incident Analysis

debug/chalk npm Compromise Sept 2025: Deep Dive

A phishing campaign against a prolific npm maintainer poisoned chalk, debug, and several other packages with a Web3 hijacker. Here is the full breakdown.

Feb 13, 20267 min read
supply-chain-attacks (Page 2) — Safeguard Blog