Safeguard
Tag

threat-intelligence

Safeguard articles tagged "threat-intelligence" — guides, analysis, and best practices for software supply chain and application security.

47 articles

Ransomware

First VPN Takedown: How May 2026's Strike on Ransomware Infrastructure Worked

In May 2026, an international coalition dismantled First VPN, a service the FBI says at least 25 ransomware gangs used to hide. We unpack the takedown, the broader 2026 infrastructure offensive, and why disrupting plumbing matters more than chasing brands.

May 22, 202610 min read
Threat Intelligence

SonicWall SonicOS Scanning Surge in May 2026: The CVE-2026-0400 Early-Warning Pattern

GreyNoise recorded ~597,000 SonicWall SonicOS scanning sessions on May 12, 2026, roughly 46x baseline. The pattern echoes the recon waves that preceded CVE-2026-0400's disclosure. Here is how to read the signal.

May 20, 202611 min read
Ransomware

The Gentlemen RaaS Database Leak: What the May 2026 Breach Revealed About a Top Ransomware Operation

An insider sold The Gentlemen's internal 'Rocket' backend in May 2026, exposing affiliate structure, tooling, and negotiation logs of one of 2026's most prolific RaaS crews. Here is what the leak teaches defenders.

May 20, 202611 min read
Threat Intelligence

Nation-State Actors Operationalize AI: Inside GTIG's May 2026 Threat Tracker

Google's Threat Intelligence Group documented China, North Korea, Russia, and Iran moving AI from experiment to operations in May 2026 — AI-assisted vulnerability research, LLM-enabled malware, and obfuscated model-access infrastructure.

May 13, 202611 min read
Threat Intelligence

Malicious PyPI packages: common infiltration patterns

Real malicious PyPI package examples — typosquats, dependency confusion, hijacked maintainers, and crypto stealers — and how Safeguard catches them before install.

May 10, 20268 min read
Threat Intelligence

Malicious NuGet package campaigns targeting developers

Socket.dev has tracked malicious NuGet packages stealing wallets, banking credentials, and sabotaging industrial systems. See how Safeguard catches them first.

May 10, 20268 min read
Threat Intelligence

Malicious browser and IDE extensions (Chrome, Firefox, VS...

How the Cyberhaven Chrome extension breach and the GlassWorm Open VSX worm exposed a supply chain blind spot that dependency scanners like Socket.dev don't cover.

May 9, 20266 min read
Threat Intelligence

Shadow-Earth-053: China-Aligned Espionage Across Asia and a NATO State (May 2026)

Trend Micro's May 1, 2026 disclosure of Shadow-Earth-053 documents a China-aligned campaign exploiting N-day Exchange and IIS flaws to plant Godzilla web shells and ShadowPad across government, defense, and civil-society targets in eight-plus countries.

May 2, 20269 min read
Threat Intelligence

Qilin Ransomware Supply Chain Tactics 2025

Qilin became a top ransomware operator in 2024-2025 by pairing edge-device exploitation with managed service provider compromise. Here is the supply chain breakdown.

Apr 11, 20268 min read
Threat Intelligence

Lazarus Financial Sector Campaigns 2024-2025

Lazarus Group's 2024-2025 financial sector campaigns combined exchange compromises, DeFi exploits, and developer social engineering. Here is what defenders must know.

Apr 4, 20268 min read
Threat Intelligence

Flax Typhoon Residential Proxy Supply Chain 2024

Flax Typhoon's Raptor Train botnet turned consumer IoT into a state-aligned proxy network. Here is the tradecraft, the takedown, and the supply chain lessons.

Mar 28, 20268 min read
Threat Intelligence

Developer Social Engineering Campaigns 2024-2025

State-aligned and financially motivated actors now target individual developers with bespoke social engineering. Here is the tradecraft and what engineering leaders must do.

Mar 21, 20268 min read
threat-intelligence (Page 2) — Safeguard Blog