Safeguard
Tag

supply-chain-attacks

Safeguard articles tagged "supply-chain-attacks" — guides, analysis, and best practices for software supply chain and application security.

58 articles

Threat Intelligence

Clop/Cl0p Supply Chain Exploitation Patterns

Clop has industrialized third-party file-transfer exploitation. Here is how the group operates, what it keeps repeating, and how defenders can stop repeating their own mistakes.

Jan 23, 20266 min read
Incident Analysis

Polyfill.io CDN Supply Chain Attack: 100K+ Sites

After a domain handover, polyfill.io began serving malware to more than 100,000 sites. Here is the attack chain and what the incident teaches us.

Jan 23, 20266 min read
Incident Analysis

Lottie Player npm Supply Chain Attack Explained

A leaked maintainer token published three trojanized versions of @lottiefiles/lottie-player to npm, targeting wallet drains. Here is the mechanics.

Jan 19, 20267 min read
Incident Analysis

tj-actions/changed-files Compromise: What Happened

A March 2025 GitHub Action compromise rewrote every tagged version to leak secrets. Here is the timeline, attack chain, and what repos need to change.

Jan 14, 20267 min read
Incident Analysis

Ultralytics PyPI Compromise: Dec 2024 Post-Mortem

How a GitHub Actions cache poisoning attack pushed a crypto miner into Ultralytics 8.3.41 on PyPI, and what engineering teams should actually change.

Jan 9, 20267 min read
AI Security

Overview of AI model supply chain security risks end to end

A concrete, incident-driven walkthrough of AI supply chain security — from poisoned datasets and backdoored Hugging Face models to CI pipeline hijacks — and how to reduce the risk end to end.

Dec 17, 20258 min read
Vulnerability Analysis

CI/CD pipeline supply chain attacks explained

A breakdown of how CI/CD supply chain attacks work, from SolarWinds to the 2025 tj-actions/changed-files breach, and how to detect and stop them.

Dec 7, 20256 min read
Open Source Security

State of npm supply chain attacks

Maintainer phishing, self-propagating worms, and mass-download packages compromised: a look at the npm supply chain attack trends reshaping open source risk.

Nov 30, 20257 min read
Supply Chain Attacks

The PHP Source Code Git Server Backdoor Compromise of 2021

In 2021, attackers breached PHP's git server and pushed a backdoor under forged commits from top maintainers. Here's how the PHP git server compromise unfolded.

Nov 20, 20257 min read
Supply Chain Attacks

The Six-Month PEAR go-pear.phar Installer Compromise

How a single tampered PEAR go-pear.phar installer sat undetected on pear.php.net for months, what it could do, and what the PHP ecosystem learned about supply chain trust.

Nov 19, 20257 min read
AI Security

Supply Chain Attacks Targeting AI/ML Pipelines

AI and ML pipelines introduce unique supply chain risks -- from poisoned training data to compromised model registries. Here is what attackers are targeting and how to defend.

Sep 1, 20257 min read
Open Source Security

Why Malicious Package Counts Are Rising Faster Than Detec...

Malicious packages hit 245,000+ in 2023 alone, outpacing 2019-2022 combined. Here's why detection tooling can't keep up, and how the gap actually closes.

Aug 2, 20258 min read
supply-chain-attacks (Page 4) — Safeguard Blog