Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A technical retrospective on the 2024 Cyberhaven Chrome extension compromise: the phishing chain, the malicious OAuth flow, the exfiltration payload, and what actually changes browser-extension supply chain defense.
Dependency confusion still works in 2026 because teams keep missing the same three controls. Here's how to detect and block it in npm, pip, and Maven.
The Ledger Connect Kit compromise was a five-hour CDN attack that drained roughly $600k from connected wallets. A look at how it happened and what defenders learned.
A senior engineer's review of the 2025 VS Code Marketplace malware wave, including typosquats, trojanized themes, and extensions that stole npm tokens at scale.
A senior engineer's breakdown of how maintainer account takeovers evolved in 2025, from phishing kits targeting PyPI to session token theft on GitHub and npm.
A senior engineer's view of six years of npm protestware, from colors.js to peacenotwar, and the supply chain lessons that still apply to modern JavaScript shops.
Slopsquatting is the practice of registering package names that LLMs hallucinate, turning AI coding assistants into an accidental distribution channel.
Maven Central has historically been the quietest major registry for malware, but 2025 saw a measurable uptick in malicious artifacts and namespace abuse.
Researchers tracked a PyPI campaign publishing malicious packages under the mexalz and related account names, targeting Python developers with infostealers.
Weekly insights on software supply chain security, delivered to your inbox.