Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
In May 2026, an international coalition dismantled First VPN, a service the FBI says at least 25 ransomware gangs used to hide. We unpack the takedown, the broader 2026 infrastructure offensive, and why disrupting plumbing matters more than chasing brands.
An insider sold The Gentlemen's internal 'Rocket' backend in May 2026, exposing affiliate structure, tooling, and negotiation logs of one of 2026's most prolific RaaS crews. Here is what the leak teaches defenders.
Foxconn confirmed a cyberattack on its North American factories in May 2026 after the Nitrogen ransomware crew claimed 8TB and 11 million files. We break down the attack chain, the broken ESXi decryptor, and what manufacturers should do now.
Fog ransomware has carved a niche targeting schools and universities, exploiting chronic underfunding and SonicWall VPN vulnerabilities to devastating effect.
Play ransomware refined the MSP attack model, exploiting FortiOS and RDP vulnerabilities to cascade through managed service providers into hundreds of downstream organizations.
Medusa ransomware operators have refined a playbook that targets managed service providers and software vendors as stepping stones into hundreds of downstream victims.
The RaaS ecosystem proved resilient through 2024 despite major law enforcement takedowns, with new groups filling every gap and affiliate models becoming more sophisticated.
Qilin ransomware operators pioneered a mass credential theft technique using Group Policy to extract saved Chrome browser credentials across entire domains.
Rhysida ransomware distinguished itself through deliberate targeting of government agencies, education institutions, and healthcare organizations across multiple countries.
Weekly insights on software supply chain security, delivered to your inbox.