Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Supply Chain Security

IronWorm: A Rust eBPF Rootkit Worm Hits the npm Supply Chain

IronWorm is a compiled Rust npm worm with a kernel-level eBPF rootkit, Tor C2, and OIDC-based self-propagation. It is the engineering ceiling of 2026 software supply chain attacks — and it carries no CVE.

Jun 22, 20267 min read
Cloud Security

Container security for Kubernetes and Docker

A practical glossary breakdown of container security for Kubernetes and Docker: the real risks, key benchmarks, and where code-scanning tools like Checkmarx fall short.

Jun 22, 20267 min read
Threat Intelligence

Stryker Wiper Attack: When Hacktivists Used Intune to Brick 200,000 Medtech Devices

An Iran-aligned group used a compromised admin account and Microsoft Intune to factory-reset roughly 200,000 of Stryker's devices in real time. The lesson is uncomfortable: your management plane is your biggest single point of failure.

Jun 21, 20267 min read
Container Security

Docker Hub malicious image detection

Docker Hub's open upload model has enabled real cryptojacking and phishing campaigns — here's how attackers hide malware in images and how to detect them.

Jun 21, 20267 min read
Supply Chain Security

PyTorch Lightning PyPI Compromise: A Software Supply Chain Attack Built to Drain ML Credentials

In April 2026, attackers pushed malicious versions of the lightning PyPI package and an npm intercom-client release, harvesting cloud, CI/CD, and GitHub credentials. Here is what happened and why ML tooling is now a prime supply chain target.

Jun 20, 20266 min read
Application Security

Software Development Lifecycle (SDLC) security

A secure SDLC needs more than periodic scans. See where Veracode's upload-and-scan model leaves supply chain gaps, and how continuous, provenance-aware security closes them.

Jun 20, 20268 min read
Application Security

Top 10 Azure security risks and prevention

Real Azure breaches — BlueBleed, ChaosDB, OMIGOD, Midnight Blizzard — trace back to storage misconfigs, identity sprawl, and exposed secrets, not zero-days.

Jun 20, 20267 min read
Threat Intelligence

Kairos Ransomware Hits Gregory Jewellers: 574 GB of Data Extortion at an Australian Luxury Retailer

The Kairos extortion group claims it stole roughly 574 GB from Australian luxury jeweller Gregory Jewellers. Here is what is verified, what the group's playbook tells us, and why pure data-extortion crews are the harder problem.

Jun 19, 20267 min read
Infrastructure Security

Terraform Cloud security integration guide

A practical breakdown of Terraform Cloud security: state file exposure, Sentinel/OPA policy gaps, Run Tasks trust risks, and drift monitoring.

Jun 19, 20267 min read
Strategy

Cost-Per-Verified-Finding: How Agentic AI Breaks Vulnerability Triage

Agentic AI can generate findings faster than any team can read them. The metric that survives that flood isn't cost-per-finding, it's cost-per-verified-finding. Here's why verification is now the bottleneck.

Jun 18, 20267 min read
Infrastructure Security

Introduction to Open Policy Agent and Rego

A concrete walkthrough of Open Policy Agent and Rego — how OPA evaluates decisions, a runnable policy example, and where it fits in supply chain security.

Jun 18, 20268 min read
Infrastructure Security

Pulumi security scanning best practices

Pulumi programs run as real code with live cloud credentials -- here's how to secure state files, dependencies, CrossGuard policy, and CI/CD.

Jun 17, 20267 min read
supply-chain-security (Page 24) — Safeguard Blog