third-party-risk
Safeguard articles tagged "third-party-risk" — guides, analysis, and best practices for software supply chain and application security.
54 articles
A Step-by-Step Methodology for Mapping and Prioritizing Attack Surface
CVE-2023-34362 sat in one internet-facing file-transfer server and still produced thousands of downstream breaches — attack surface mapping is what catches that server before Cl0p does.
When the Security Tool Is the Backdoor
CCleaner, tj-actions, and ua-parser-js show the same pattern: trusted tools with CI access became the attack, hitting 2.27M+ users and 23,000+ repos.
Polyfill.io supply chain domain takeover
How a routine domain sale turned polyfill.io into malware served to 100,000+ sites, and how to catch supply chain takeovers before they ship.
DORA regulation deep dive: ICT risk, testing, and third-party rules
The Digital Operational Resilience Act applies to EU financial entities and their ICT providers. Here are the five pillars, the register of information, and what your software supply chain now has to withstand.
Vendor breach exposure: third-party risk lessons from the Klue incident
A single forgotten credential at Klue exposed Salesforce CRM data at 14+ companies, including Snyk and Huntress—here's what it teaches about vendor risk.
Software Supply Chain Attack at Scale: npm, PyPI, and Docker Hub Hit in 48 Hours
GitGuardian documented three distinct supply-chain campaigns striking npm, PyPI, and Docker Hub inside a single 48-hour window in April 2026. The simultaneity tells you more about attacker tooling than any single payload does.
TeamPCP: Running a Software Supply Chain Attack Like a Production Pipeline
TeamPCP (UNC6780) is the most active actor in the 2026 supply chain corpus, weaponizing the tools developers trust most. Here is how the operation works, and why a zero-CVE campaign breaks the model most teams still rely on.
Stryker Wiper Attack: When Hacktivists Used Intune to Brick 200,000 Medtech Devices
An Iran-aligned group used a compromised admin account and Microsoft Intune to factory-reset roughly 200,000 of Stryker's devices in real time. The lesson is uncomfortable: your management plane is your biggest single point of failure.
Ransomware vs. Hospitals: The 2026 Healthcare Surge and the Push to Call It Terrorism
Healthcare ransomware dipped in volume in May 2026 but kept climbing in impact, and a former FBI cyber chief is asking Congress to treat hospital ransomware as terrorism. We weigh the policy debate against what actually protects patients.
ShinyHunters Breaches Match Group: Hinge, Match, and OkCupid Data Exposed in a Vishing-Driven Extortion Hit
ShinyHunters claimed 10 million records from Match Group's dating apps in late January 2026. Here is what was actually taken (Hinge, Match, and OkCupid — notably not Tinder), how a single vishing call opened the door, and why dating-app data raises the extortion stakes.
PyTorch Lightning PyPI Compromise: A Software Supply Chain Attack Built to Drain ML Credentials
In April 2026, attackers pushed malicious versions of the lightning PyPI package and an npm intercom-client release, harvesting cloud, CI/CD, and GitHub credentials. Here is what happened and why ML tooling is now a prime supply chain target.
Kairos Ransomware Hits Gregory Jewellers: 574 GB of Data Extortion at an Australian Luxury Retailer
The Kairos extortion group claims it stole roughly 574 GB from Australian luxury jeweller Gregory Jewellers. Here is what is verified, what the group's playbook tells us, and why pure data-extortion crews are the harder problem.