Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
APT29's 2024-2025 cloud-native tradecraft — from Midnight Blizzard's Microsoft intrusion to the Teams phishing pivots — shows how SVR targets identity as supply chain.
UNC5221 chained Ivanti Connect Secure zero-days through 2024 and 2025. The campaign reads like a masterclass in living off trusted edge appliances.
Storm-0558 forged Microsoft cloud tokens with a stolen MSA key and read government email. Three years later the architectural lessons are still unevenly applied.
Akira has industrialized VPN appliance exploitation. Here is the tradecraft, the advisories that document it, and what defenders must do about edge software supply chain risk.
We propose a kill chain framework specific to software supply chain attacks, mapping attacker techniques to defensive controls at each stage.
Alex Birsan's 2021 disclosure named a class of attacks. Four years on, dependency confusion has evolved across registries, tooling, and victim profiles.
Volt Typhoon is pre-positioning inside U.S. critical infrastructure using living-off-the-land tradecraft and third-party access. Here is what defenders should do about it.
Midnight Blizzard (APT29, Cozy Bear) has refined long-dwell supply chain access into an operational art. Here is what their 2023-2025 pattern looks like to defenders.
DPRK operatives have placed themselves inside Western companies as remote developers. Here is how that pattern functions as a supply chain threat and how to detect it.
Weekly insights on software supply chain security, delivered to your inbox.