supply-chain-attacks
Safeguard articles tagged "supply-chain-attacks" — guides, analysis, and best practices for software supply chain and application security.
58 articles
FIN7 Supply Chain Social Engineering (2024)
FIN7 built tooling that made its social engineering feel like a SaaS product. Here is how its 2024 tradecraft blended malvertising, fake tools, and credential theft into a supply chain attack.
xrpl.js npm Backdoor April 2025 Incident Analysis
A stolen Ripple-adjacent npm token pushed key-stealing versions of xrpl.js. Timeline, payload structure, and what XRPL integrators should do next.
Gamaredon Ukraine Targeting Supply Chain 2025
Gamaredon's 2025 operations against Ukraine have leaned harder into software and MSP supply chain pivots. Here is the tradecraft defenders need to recognize.
Lazarus Group: 3CX and Software Builds
Lazarus turned a developer's personal machine into a corporate build-system compromise. Here is how that cascade actually worked and what it teaches about build-system trust.
Cargo supply chain attacks: typosquatting and malicious c...
Crates.io typosquatting tricks Rust developers into pulling malicious crates instead of trusted ones. Here's how these attacks work — and how to spot them before you build.
Solana web3.js npm Backdoor: Dec 2024 Post-Mortem
A phished maintainer token pushed a private-key-stealing backdoor into @solana/web3.js 1.95.6/1.95.7. Full mechanics and post-incident recommendations.
RansomHub Ransomware and EDR Bypass (2024)
RansomHub absorbed affiliates displaced by BlackCat and ran one of the most prolific extortion operations of 2024. Here is what made its tradecraft effective and how to counter it.
Salt Typhoon Telecom Supply Chain Campaign 2024
Salt Typhoon's 2024 intrusions into U.S. telecoms reframed supply chain risk as a routing and lawful-intercept problem. Here is what the campaign looked like from a defender's seat.
Ledger Connect Kit Attack: What Devs Missed
A phishing-obtained GitHub token published a wallet drainer as @ledgerhq/connect-kit in Dec 2023. What the incident tells us about Web3 supply chain trust.
Scattered Spider: Identity as Supply Chain 2024-25
Scattered Spider showed that help-desk processes, SaaS federation, and MSPs are the new software supply chain. Here is how to think about it and what to actually change.
Gradle build script injection and plugin supply chain att...
How attackers hijack Gradle plugins, typosquat the Plugin Portal, and inject code into build.gradle files to run with full CI trust — and how to stop it.
Rspack npm Account Takeover: 2024 Incident Analysis
Compromised npm tokens pushed crypto-miner versions of @rspack/core and @rspack/cli in December 2024. Timeline, payload, and what downstream teams missed.