Industry Analysis
Conti Ransomware Supply Chain Patterns
Before Conti splintered in 2022, its affiliates turned MSPs, RMM tools, and identity infrastructure into repeatable supply chain attack paths.
Apr 18, 20246 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Before Conti splintered in 2022, its affiliates turned MSPs, RMM tools, and identity infrastructure into repeatable supply chain attack paths.
A practical look at building a Splunk content pack for software supply chain threats, with SPL searches for CI/CD anomalies, package registry abuse, and build provenance violations.
NIST's National Vulnerability Database nearly stopped enriching CVEs in early 2024, creating a growing backlog that left security teams without the severity scores and metadata they depend on.
A field analyst's look at how North Korea's Lazarus Group has turned software supply chains into a strategic weapon, from 3CX to npm.
Modern vehicles contain over 100 million lines of code. The automotive industry is waking up to software supply chain security, and SBOMs are central to the response.
Five takeaways from the supply chain sessions at RSA Conference 2023, from SBOM adoption skepticism to attestation tooling and federal procurement pressure.
Bug bounty programs are a billion-dollar market. But the economics do not work equally well for everyone. A look at who benefits, who gets shortchanged, and what the numbers actually say.
Two years after the SolarWinds SUNBURST compromise, the industry has new frameworks and new vocabulary — but has the build pipeline actually gotten harder to attack?
Weekly insights on software supply chain security, delivered to your inbox.