The GitHub Dependabot Token Incident: Retrospective
In 2023, attackers used stolen GitHub personal access tokens to push malicious commits masquerading as Dependabot; a short, sharp incident with lasting lessons.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A technical reconstruction of the July 19 CrowdStrike Falcon sensor crash that grounded 8.5M Windows hosts, and what supply chain owners should change.
On July 19, 2024, a faulty CrowdStrike Falcon sensor update caused 8.5 million Windows machines to blue-screen worldwide, grounding flights, halting hospitals, and exposing the fragility of centralized security infrastructure.
Dropbox's 2022 GitHub phishing incident began with a developer-targeted CircleCI lookalike campaign; the supply chain lessons centered on CI tokens and code.
A reconstructed public timeline of Microsoft's Midnight Blizzard intrusion, from the initial password spray in November 2023 through the source code and federal agency disclosures.
Attackers used stolen credentials from infostealer malware to access Snowflake customer accounts without MFA, compromising data at Ticketmaster, Santander, AT&T, and over 160 other organizations.
Cisco Duo's 2024 disclosure about a telephony provider breach exposed SMS and voice MFA logs; the supply chain depth of authentication vendors is the story.
In May 2024, Dell Technologies disclosed a breach exposing 49 million customer records after a threat actor exploited a partner portal API to scrape names, addresses, and purchase details, then attempted to sell the data online.
Twilio disclosed two social engineering incidents in 2022 that cascaded through its customer base; the supply chain lessons remain relevant for any B2B vendor.