Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
An infostealer infection at AI startup Context.ai let attackers reuse a Vercel employee's months-old Google Workspace OAuth grant to bypass MFA and exfiltrate customer environment variables. Disclosed April 2026, the fallout deepened through May.
Cleo's managed file transfer products became the next MOVEit. A postmortem on CVE-2024-50623, the Cl0p exploitation, and the file-transfer software risk class.
The Okta customer support breach of October 2023 exposed HAR files containing session tokens for major customers. The structural lessons run deeper than the incident.
Okta's cross-tenant impersonation advisory and related social-engineering campaigns exposed how identity providers get targeted. Lessons for defenders.
The MSI breach exposed Intel BootGuard private keys and OEM signing infrastructure. A look at firmware-level supply chain risk and the gaps that remain.
Researchers found thousands of valid Hugging Face API tokens in public code and models. Analysis of the 2024 exposures and what they mean for ML supply chain.
Trusted Publishing made PyPI safer, but leaked short-lived OIDC tokens in CI logs kicked off a credential-replay campaign that PyPI, GitHub, and Sonatype all tracked in 2025.
Researchers keep finding valid AWS, GitHub, and cloud credentials baked into public Docker Hub images. What the 2024 data shows and how to stop shipping secrets.
The CrowdStrike Falcon outage of July 2024 bricked 8.5 million Windows hosts. A content validator bug and no staged rollout were the confirmed root cause.
Weekly insights on software supply chain security, delivered to your inbox.