Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1052 articles

Vulnerability Analysis

Type confusion vulnerabilities explained

Type confusion bugs let attackers corrupt memory by exploiting mismatched type assumptions. See real CVEs, how JIT engines fail, and how to catch it early.

Dec 11, 20256 min read
Industry Analysis

Practical steps to secure third-party WebAssembly plugins...

A step-by-step guide to securing third-party WebAssembly plugins in production: sandboxing, capability restriction, resource limits, provenance checks, and runtime monitoring.

Dec 10, 20258 min read
AI Security

How AI safety benchmarks and evaluations measure model risk

A concrete look at how AI safety benchmark evaluation, LLM safety scorecards, and capability testing actually measure model risk in 2026 — and where they fall short.

Dec 8, 20256 min read
Best Practices

The Secure Software Development Lifecycle in 2025: What Actually Changed

A practical look at how SSDLC practices evolved in 2025, what worked, what failed, and why most organizations are still getting the basics wrong.

Dec 8, 20257 min read
AI Security

How indirect prompt injection hides malicious instruction...

How attackers hide malicious instructions inside webpages, documents, and retrieved content to hijack AI systems — and why RAG pipelines are especially exposed.

Dec 8, 20258 min read
Vulnerability Analysis

Typosquatting in open source package registries explained

Typosquatting hides malware behind a one-character package name typo. Learn how it works, real incidents, and how to detect it before your build runs.

Dec 7, 20257 min read
Vulnerability Analysis

How to detect malicious npm packages

Real npm supply chain attacks — event-stream, ua-parser-js, node-ipc, and the 2025 chalk/debug breach — show how to spot and stop malicious packages.

Dec 7, 20256 min read
Vulnerability Analysis

Subresource integrity bypass explained

SRI hashes can't stop what happens before the hash is made. How polyfill.io, British Airways, and event-stream exposed real gaps in browser integrity checks.

Dec 6, 20257 min read
AI Security

How to build an AI-specific incident response playbook

A step-by-step guide to building an AI incident response plan — covering scoping, escalation, detection, containment, and post-incident review for LLM and agent failures.

Dec 5, 20258 min read
Open Source Security

RubyGems 2019 Multi-CVE Disclosure: Directory Traversal v...

CVE-2019-8320 let malicious RubyGems packages delete arbitrary directories via symlinked gem decompression. Here's the impact, timeline, and how to remediate it.

Dec 5, 20258 min read
Open Source Security

RubyGems Escape Sequence Injection via Crafted API Respon...

CVE-2019-8322 is a RubyGems flaw where crafted API responses could inject terminal escape sequences, spoofing gem output. Here's what to know and how to fix it.

Dec 4, 20258 min read
Open Source Security

RubyGems Escape Sequence Injection in Gem Owner Command (...

CVE-2019-8323 shows how RubyGems' gem owner command echoed unsanitized API response data to the terminal, enabling escape sequence injection attacks.

Dec 4, 20257 min read
supply-chain-security (Page 60) — Safeguard Blog