supply-chain-attacks
Safeguard articles tagged "supply-chain-attacks" — guides, analysis, and best practices for software supply chain and application security.
58 articles
Incident Response for Supply Chain Attacks: A 2026 Playbook
A practical incident response playbook tailored for supply chain compromises — from initial detection through containment, eradication, and lessons learned.
How to Detect Dependency Confusion Attacks Before They Ship
Dependency confusion still works in 2026 because teams keep missing the same three controls. Here's how to detect and block it in npm, pip, and Maven.
Mitigating npm Install Scripts Without Breaking Your Build
`--ignore-scripts` is the blunt fix that breaks node-sass and better-sqlite3. Here is the surgical version that keeps builds green and postinstalls contained.
The Supply Chain Attack Kill Chain: A Framework for Defense
We propose a kill chain framework specific to software supply chain attacks, mapping attacker techniques to defensive controls at each stage.
Volt Typhoon: Critical Infrastructure Supply Chain
Volt Typhoon is pre-positioning inside U.S. critical infrastructure using living-off-the-land tradecraft and third-party access. Here is what defenders should do about it.
Cozy Bear / Midnight Blizzard Supply Chain Tactics
Midnight Blizzard (APT29, Cozy Bear) has refined long-dwell supply chain access into an operational art. Here is what their 2023-2025 pattern looks like to defenders.
Incident Response Playbook for a Compromised Dependency
A concrete, timed playbook for the 72 hours after a critical dependency advisory — inventory, reachability, containment, remediation, and retrospective.
DPRK IT Worker Supply Chain Insider Threat
DPRK operatives have placed themselves inside Western companies as remote developers. Here is how that pattern functions as a supply chain threat and how to detect it.
Hugging Face Model Hub Supply Chain Risks in 2025
Pickle deserialization, malicious Spaces, and namespace squatting: what 2024-2025 taught us about the Hugging Face model supply chain.
Black Basta Ransomware Leak Lessons Learned
The Black Basta chat leak gave defenders a rare inside view of how a ransomware program operates. Here are the durable engineering lessons to take from it.
LockBit Takedown: What Came After
Operation Cronos disrupted LockBit's infrastructure but not the underlying affiliate economy. Here is what actually changed and what defenders should take from it into 2026.
debug/chalk npm Compromise Sept 2025: Deep Dive
A phishing campaign against a prolific npm maintainer poisoned chalk, debug, and several other packages with a Web3 hijacker. Here is the full breakdown.