supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1045 articles
eBPF Rootkits Go Mainstream: Inside IronWorm and the Kernel-Level Turn in Supply Chain Malware
IronWorm shipped a kernel-level eBPF rootkit inside dozens of npm packages, hiding the very processes your security tools rely on seeing. Here is what changed, and how to detect kernel-level supply chain malware before it blinds you.
Azure DevOps pipeline security best practices
A practical guide to the six Azure DevOps pipeline settings attackers exploit most, with exact controls to fix fork triggers, secrets, and agents.
AIBOM in 2026: Treating AI Models as a Software Supply Chain
The AI bill of materials is graduating from optional security artifact to procurement requirement. Here is what AIBOM/ML-BOM actually tracks in 2026, how it ties to the EU AI Act, and where it still falls short.
Squidbleed (CVE-2026-47729): A 1997 Default Comes Back to Bite Squid
A one-line FTP-parsing bug from 1997 lets any user of a shared Squid proxy read other people's cleartext HTTP requests. We break down the root cause, why ancient defaults survive, and how to remediate.
CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day File-Write Exploited in the Wild
Cisco confirmed limited in-the-wild exploitation of CVE-2026-20262, an arbitrary file-write zero-day in Catalyst SD-WAN Manager, alongside CVE-2026-20245. Here's what the chain actually buys an attacker and why edge management planes keep ending up on the KEV list.
Platformization vs Best-of-Breed: The 2026 Security Consolidation Debate
RSAC 2026 made it official: the industry is consolidating. But platform breadth buys you integration and data gravity at the cost of lock-in and concentration risk. Here is where consolidation genuinely helps, and where it quietly hurts.
Software Composition Analysis Tools: buyer's checklist
A practical SCA buyer's checklist comparing Safeguard and Black Duck on detection method, CI/CD fit, remediation speed, and license policy enforcement.
Prompt injection attacks: direct vs indirect
Direct prompt injection comes from the chat box; indirect injection hides in the data your AI agent trusts. Here's how the two attack types differ and what stops each.
Securing Model Context Protocol (MCP) servers
MCP server security explained through real 2025 CVEs, tool poisoning, and rug-pull attacks, plus concrete controls security teams need to defend AI agent tool calls.
mcp-scan: detecting malicious MCP tool definitions
MCP lets AI agents call tools via plain-text descriptions the model trusts blindly. Here's how mcp-scan catches poisoning, rug-pulls, and shadowing.
Ransomware Economics in 2026: Data Extortion Wins, Encryption Loses
Payment rates hit record lows in 2025 while attack volume surged. The result is a colder, leaner extortion economy built on data theft, not encryption — and a RaaS market reconsolidating around a handful of operators.
CVE-2026-45657: The Wormable-Class Windows Kernel RCE You Should Patch This Week
A CVSS 9.8 zero-day-grade remote code execution flaw in the Windows kernel's TCP/IP path lets unauthenticated attackers run code as SYSTEM with no user interaction. Here's what's confirmed, what's hype, and what to do now.