Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
SolarWinds shipped a hardcoded helpdeskIntegrationUser credential in Web Help Desk that CISA added to KEV on October 15, 2024 after federal agency intrusions.
In January 2025 Wiz Research found a wide-open ClickHouse instance belonging to AI startup DeepSeek, leaking chat history, API keys, and internal log streams. We unpack the AI-supply-chain implications.
BlackSuit ransomware encrypted CDK Global's dealer-management cloud on June 18-19, 2024, crippling roughly 15,000 North American auto dealerships and triggering a reported $25M ransom payment.
In January 2025 UnitedHealth revised the Change Healthcare breach count to 190 million people, the largest HIPAA breach in US history. We unpack what changed and the supply-chain lessons that still apply.
Black Basta encrypted Ascension's network on May 8, 2024 via a malicious file downloaded by an employee, diverting ambulances across 140 hospitals and ultimately notifying 5.6 million patients.
Salt Typhoon breached at least nine U.S. carriers, exposing lawful intercept systems. We unpack the attack chain and what telcos must fix in 2025.
Zoom's security history from 2020 onward reshaped how the industry thinks about conferencing software supply chains, from installers to third-party components.
In November 2024 the Termite ransomware group hit Blue Yonder, taking workforce-management and logistics SaaS offline for Starbucks, Sainsbury's, and Morrisons. We unpack the SaaS supply-chain blast radius.
In November 2024 the Hellcat ransomware group breached Schneider Electric's Atlassian Jira via Lumma infostealer credentials. We unpack the SaaS supply-chain anatomy and the project-tracker as data target.
Weekly insights on software supply chain security, delivered to your inbox.