Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Cloud Security

GitHub Actions workflow injection vulnerabilities

How GitHub Actions workflow injection lets attackers hijack CI pipelines via untrusted input, real CVEs like CVE-2025-30066, and how to detect it.

Nov 3, 20257 min read
Cloud Security

Jenkins plugin vulnerability trends report

Jenkins plugin CVEs keep piling up—missing permission checks, CSRF gaps, and a critical CVE-2024-23897 that attackers scanned for within days.

Nov 2, 20256 min read
Software Supply Chain Security

Unapproved Change Risk in the Software Supply Chain

How unreviewed code, dependency, and pipeline changes create supply chain breaches like SolarWinds and XZ Utils - and how to detect them before attackers do.

Nov 2, 20258 min read
Cloud Security

OpenTofu and Terraform provider supply chain risk

Terraform and OpenTofu providers run unsandboxed with full pipeline credentials. Here's where the provider supply chain actually breaks down.

Nov 1, 20257 min read
Industry Analysis

Session Persistence Security Risks

CircleCI, Okta, Sourcegraph, and Codecov were all breached the same way: a session token outlived the trust that created it. Here's how session persistence becomes a supply chain risk.

Nov 1, 20258 min read
Industry Analysis

Multi-Factor Authentication Bypass via Privilege Escalation

Attackers increasingly skip cracking MFA altogether — they escalate privileges around it. Real cases from Microsoft, Uber, and SolarWinds show how, and what actually stops it.

Nov 1, 20257 min read
Industry Analysis

Personal Access Token Security Best Practices

Leaked personal access tokens have driven major supply chain breaches. Here's why PATs are risky, real incidents, and how scoping, rotation, and detection fix it.

Nov 1, 20256 min read
Industry Analysis

Cleartext Sensitive Information in Cookies

Cleartext sensitive data in cookies (CWE-315) quietly enables account takeover and IDOR. Here's how it happens, why it survives review, and how Safeguard catches it.

Oct 30, 20257 min read
Regulatory Compliance

Insecure Default Configurations in Applications and Frame...

Insecure default configurations caused the 2016 MongoDB ransom wave, the 2018 Tesla Kubernetes breach, and countless audit failures. Here's why defaults stay dangerous and how to fix it.

Oct 29, 20257 min read
Container Security

Containers Running in Privileged Mode: Risks and Fixes

Docker's --privileged flag strips seccomp, AppArmor, and capability limits in one line. Here's how attackers exploit it, real CVEs, and how to lock it down.

Oct 28, 20257 min read
Industry Analysis

SQL Injection Prevention in Python with Parameterized Que...

SQL injection remains widespread in Python apps despite decades-old fixes. Here's how parameterized queries actually prevent it, and where ORMs still leave gaps.

Oct 27, 20257 min read
Industry Analysis

SQL Injection Prevention in Ruby with exec_params Binding

Ruby's pg gem makes SQL injection preventable with one method change. Here's how exec_params binds parameters, why Rails CVEs keep recurring, and how to migrate safely.

Oct 26, 20257 min read
supply-chain-security (Page 70) — Safeguard Blog