Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Application Security

Fuzz Testing Supply Chain Components: Finding Bugs Before Attackers Do

Fuzz testing discovers crashes, memory corruption, and logic errors by feeding random inputs to software. Applied to supply chain components, it reveals vulnerabilities that code review and static analysis miss.

Apr 5, 20225 min read
Social Engineering

Mailchimp Social Engineering Breach: How an Employee Hack Compromised Crypto Customers

A social engineering attack on Mailchimp employees gave attackers access to internal tools, which they used to target cryptocurrency companies and their customers in a downstream phishing campaign.

Apr 4, 20225 min read
Container Security

Kubernetes Supply Chain Security: Best Practices for 2022

Kubernetes does not run your code — it runs container images built from layers of dependencies you may not control. Securing the K8s supply chain requires thinking beyond pod security policies.

Mar 15, 20225 min read
Ransomware

Conti Ransomware Leaks: What the Internal Files Revealed About Supply Chain Tools

When Conti's internal communications leaked in early 2022, they exposed the operational playbook of a top-tier ransomware gang — including how they targeted supply chains.

Mar 2, 20227 min read
Industry Analysis

SolarWinds Lessons Two Years On: What Actually Changed

Two years after the SolarWinds SUNBURST compromise, the industry has new frameworks and new vocabulary — but has the build pipeline actually gotten harder to attack?

Feb 18, 20226 min read
Hardware Security

Firmware Supply Chain Security Guide

Firmware runs below the operating system, making it invisible to most security tools. Compromised firmware can persist through OS reinstallation, making supply chain integrity essential.

Feb 5, 20226 min read
Open Source Security

Rust Crate Supply Chain Security: Lessons from a Growing Ecosystem

As Rust adoption accelerates, its crate ecosystem faces the same supply chain threats that plague npm and PyPI. Here's what the Rust community is doing right — and where gaps remain.

Jan 20, 20225 min read
Supply Chain Attacks

Software Supply Chain Attacks 2021: A Complete Timeline

2021 was the year software supply chain attacks went mainstream. From SolarWinds aftermath to Log4Shell, here's every major incident and what they tell us about the threat landscape.

Dec 28, 20216 min read
Risk Management

Vendor Concentration Risk: When Your Entire Stack Depends on One Company

Relying too heavily on a single vendor creates systemic risk that most organizations dramatically underestimate. Here is how to measure and manage it.

Dec 5, 20216 min read
Network Security

BGP Hijacking and Software Distribution Security

BGP hijacking lets attackers reroute internet traffic at the network level, silently intercepting software downloads and updates. This is one of the most powerful yet overlooked supply chain attack vectors.

Nov 28, 20217 min read
Supply Chain Security

XcodeGhost Revisited: How a Trojanized IDE Infected Thousands of iOS Apps

XcodeGhost compromised Apple's developer toolchain by distributing a modified Xcode IDE. Years later, the attack remains a textbook example of build-tool supply chain compromise.

Nov 15, 20216 min read
Open Source Security

The ua-parser-js npm Hijack of October 2021

An npm package with 8 million weekly downloads shipped a cryptominer and credential stealer for four hours. Here is the exact sequence of events.

Oct 25, 20216 min read
supply-chain (Page 61) — Safeguard Blog