Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1052 articles

AI Security

How data poisoning attacks corrupt LLM behavior during tr...

A single expired domain and $60 can poison a training set. Here's how data poisoning attacks corrupt LLM behavior — and how Safeguard verifies training data before it ships.

Dec 16, 20257 min read
Vulnerability Analysis

Docker symlink race condition escape (CVE-2018-15664)

A TOCTOU race in Docker's docker cp symlink resolution let malicious containers write to host files as root. Impact, CVSS, and fixes inside.

Dec 15, 20258 min read
Industry Analysis

Software Supply Chain Security in 2025: The Year in Review

From the CVE program funding crisis to the rise of AI-targeted supply chain attacks, 2025 reshaped the software security landscape. A comprehensive look at the year's defining events and trends.

Dec 15, 20257 min read
Vulnerability Analysis

Docker Engine crafted image denial of service (CVE-2021-21285)

CVE-2021-21285 lets a crafted container image crash Docker Engine before 20.10.3. Affected versions, severity, timeline, and remediation steps.

Dec 15, 20257 min read
AI Security

Risks of downloading malicious pretrained models from pub...

Real incidents show malicious Hugging Face models evading scanners with pickle exploits and reverse shells. Here's what teams need to know before the next pull.

Dec 15, 20257 min read
AI Security

How slopsquatting exploits AI-hallucinated package names

Slopsquatting attacks turn AI-hallucinated package names into real supply chain threats. Here's how it works, the numbers behind it, and how Safeguard stops it.

Dec 14, 20257 min read
AI Security

Security risks introduced by AI coding assistants and gen...

AI coding assistants now write huge shares of production code. Real 2025 incidents show hallucinated packages, leaked secrets, and vulnerable defaults ship with it.

Dec 14, 20257 min read
Regulatory Compliance

Overview of NIST's finalized post-quantum cryptography st...

NIST finalized FIPS 203, 204, and 205 in August 2024, formalizing the first NIST post-quantum standards. Here's what changes for software supply chain security teams.

Dec 14, 20257 min read
Cryptography

How ML-KEM (Kyber) works and implementation pitfalls

FIPS 203's ML-KEM Kyber is landing in TLS, SSH, and VPNs everywhere — here's how the lattice math works and the timing bugs, like KyberSlash, already found in real implementations.

Dec 13, 20258 min read
Industry Analysis

How trusted execution environments protect sensitive work...

Trusted execution environments promise hardware-isolated security for sensitive workloads, but real-world attacks show the TEE model has limits Safeguard helps you manage.

Dec 12, 20257 min read
Vulnerability Analysis

Time-of-check to time-of-use (TOCTOU) race condition vulnerabilities

TOCTOU race conditions let attackers swap a resource between a security check and its use. Real CVEs, exploit mechanics, and prevention patterns explained.

Dec 12, 20257 min read
Industry Analysis

Remote attestation fundamentals for confidential computin...

A practical look at remote attestation for confidential computing: how enclave protocols and hardware verification prove workloads haven't been tampered with.

Dec 11, 20257 min read
supply-chain-security (Page 59) — Safeguard Blog