Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Attackers used stolen credentials from infostealer malware to access Snowflake customer accounts without MFA, compromising data at Ticketmaster, Santander, AT&T, and over 160 other organizations.
Cisco Duo's 2024 disclosure about a telephony provider breach exposed SMS and voice MFA logs; the supply chain depth of authentication vendors is the story.
In May 2024, Dell Technologies disclosed a breach exposing 49 million customer records after a threat actor exploited a partner portal API to scrape names, addresses, and purchase details, then attempted to sell the data online.
Twilio disclosed two social engineering incidents in 2022 that cascaded through its customer base; the supply chain lessons remain relevant for any B2B vendor.
CISA issued a rare advisory urging Sisense customers to reset credentials after attackers compromised the business intelligence platform, potentially accessing customer data across thousands of organizations.
In April 2024, Roku disclosed that two separate credential stuffing campaigns had compromised approximately 576,000 customer accounts, with attackers making fraudulent purchases and changing account details on some affected accounts.
The xz-utils backdoor (CVE-2024-3094) nearly compromised SSH on every modern Linux distro. Here is how the implant worked and what it teaches us.
In March 2024, AT&T confirmed that a dataset containing personal information of approximately 73 million current and former customers, including encrypted passcodes, had been published on the dark web, three years after its initial appearance.
A retrospective on Okta's string of security incidents from 2022 through 2023 and what they teach us about identity providers as critical supply chain dependencies.
Weekly insights on software supply chain security, delivered to your inbox.