supply-chain-attacks
Safeguard articles tagged "supply-chain-attacks" — guides, analysis, and best practices for software supply chain and application security.
58 articles
Clop/Cl0p Supply Chain Exploitation Patterns
Clop has industrialized third-party file-transfer exploitation. Here is how the group operates, what it keeps repeating, and how defenders can stop repeating their own mistakes.
Polyfill.io CDN Supply Chain Attack: 100K+ Sites
After a domain handover, polyfill.io began serving malware to more than 100,000 sites. Here is the attack chain and what the incident teaches us.
Lottie Player npm Supply Chain Attack Explained
A leaked maintainer token published three trojanized versions of @lottiefiles/lottie-player to npm, targeting wallet drains. Here is the mechanics.
tj-actions/changed-files Compromise: What Happened
A March 2025 GitHub Action compromise rewrote every tagged version to leak secrets. Here is the timeline, attack chain, and what repos need to change.
Ultralytics PyPI Compromise: Dec 2024 Post-Mortem
How a GitHub Actions cache poisoning attack pushed a crypto miner into Ultralytics 8.3.41 on PyPI, and what engineering teams should actually change.
Overview of AI model supply chain security risks end to end
A concrete, incident-driven walkthrough of AI supply chain security — from poisoned datasets and backdoored Hugging Face models to CI pipeline hijacks — and how to reduce the risk end to end.
CI/CD pipeline supply chain attacks explained
A breakdown of how CI/CD supply chain attacks work, from SolarWinds to the 2025 tj-actions/changed-files breach, and how to detect and stop them.
State of npm supply chain attacks
Maintainer phishing, self-propagating worms, and mass-download packages compromised: a look at the npm supply chain attack trends reshaping open source risk.
The PHP Source Code Git Server Backdoor Compromise of 2021
In 2021, attackers breached PHP's git server and pushed a backdoor under forged commits from top maintainers. Here's how the PHP git server compromise unfolded.
The Six-Month PEAR go-pear.phar Installer Compromise
How a single tampered PEAR go-pear.phar installer sat undetected on pear.php.net for months, what it could do, and what the PHP ecosystem learned about supply chain trust.
Supply Chain Attacks Targeting AI/ML Pipelines
AI and ML pipelines introduce unique supply chain risks -- from poisoned training data to compromised model registries. Here is what attackers are targeting and how to defend.
Why Malicious Package Counts Are Rising Faster Than Detec...
Malicious packages hit 245,000+ in 2023 alone, outpacing 2019-2022 combined. Here's why detection tooling can't keep up, and how the gap actually closes.