Safeguard
Tag

threat intel

Safeguard articles tagged "threat intel" — guides, analysis, and best practices for software supply chain and application security.

14 articles

Industry Analysis

Vulnerability Intelligence Platform Comparison 2026

A working comparison of vulnerability intelligence platforms in 2026, evaluating data freshness, exploit signal, AI infrastructure coverage, and integration patterns.

Apr 25, 20265 min read
Threat Intelligence

Volt Typhoon: Critical Infrastructure Supply Chain

Volt Typhoon is pre-positioning inside U.S. critical infrastructure using living-off-the-land tradecraft and third-party access. Here is what defenders should do about it.

Mar 2, 20266 min read
Threat Intelligence

Cozy Bear / Midnight Blizzard Supply Chain Tactics

Midnight Blizzard (APT29, Cozy Bear) has refined long-dwell supply chain access into an operational art. Here is what their 2023-2025 pattern looks like to defenders.

Feb 25, 20266 min read
Threat Intelligence

DPRK IT Worker Supply Chain Insider Threat

DPRK operatives have placed themselves inside Western companies as remote developers. Here is how that pattern functions as a supply chain threat and how to detect it.

Feb 20, 20266 min read
Threat Intelligence

Black Basta Ransomware Leak Lessons Learned

The Black Basta chat leak gave defenders a rare inside view of how a ransomware program operates. Here are the durable engineering lessons to take from it.

Feb 17, 20266 min read
Threat Intelligence

LockBit Takedown: What Came After

Operation Cronos disrupted LockBit's infrastructure but not the underlying affiliate economy. Here is what actually changed and what defenders should take from it into 2026.

Feb 13, 20267 min read
Threat Intelligence

FIN7 Supply Chain Social Engineering (2024)

FIN7 built tooling that made its social engineering feel like a SaaS product. Here is how its 2024 tradecraft blended malvertising, fake tools, and credential theft into a supply chain attack.

Feb 10, 20266 min read
Threat Intelligence

Gamaredon Ukraine Targeting Supply Chain 2025

Gamaredon's 2025 operations against Ukraine have leaned harder into software and MSP supply chain pivots. Here is the tradecraft defenders need to recognize.

Feb 6, 20267 min read
Threat Intelligence

Lazarus Group: 3CX and Software Builds

Lazarus turned a developer's personal machine into a corporate build-system compromise. Here is how that cascade actually worked and what it teaches about build-system trust.

Feb 6, 20267 min read
Threat Intelligence

RansomHub Ransomware and EDR Bypass (2024)

RansomHub absorbed affiliates displaced by BlackCat and ran one of the most prolific extortion operations of 2024. Here is what made its tradecraft effective and how to counter it.

Feb 2, 20267 min read
Threat Intelligence

Salt Typhoon Telecom Supply Chain Campaign 2024

Salt Typhoon's 2024 intrusions into U.S. telecoms reframed supply chain risk as a routing and lawful-intercept problem. Here is what the campaign looked like from a defender's seat.

Feb 2, 20267 min read
Threat Intelligence

Scattered Spider: Identity as Supply Chain 2024-25

Scattered Spider showed that help-desk processes, SaaS federation, and MSPs are the new software supply chain. Here is how to think about it and what to actually change.

Jan 30, 20267 min read
threat intel — Safeguard Blog