Threat Intelligence
Black Basta Ransomware Leak Lessons Learned
The Black Basta chat leak gave defenders a rare inside view of how a ransomware program operates. Here are the durable engineering lessons to take from it.
Feb 17, 20266 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
The Black Basta chat leak gave defenders a rare inside view of how a ransomware program operates. Here are the durable engineering lessons to take from it.
Operation Cronos disrupted LockBit's infrastructure but not the underlying affiliate economy. Here is what actually changed and what defenders should take from it into 2026.
FIN7 built tooling that made its social engineering feel like a SaaS product. Here is how its 2024 tradecraft blended malvertising, fake tools, and credential theft into a supply chain attack.
Gamaredon's 2025 operations against Ukraine have leaned harder into software and MSP supply chain pivots. Here is the tradecraft defenders need to recognize.
Lazarus turned a developer's personal machine into a corporate build-system compromise. Here is how that cascade actually worked and what it teaches about build-system trust.
RansomHub absorbed affiliates displaced by BlackCat and ran one of the most prolific extortion operations of 2024. Here is what made its tradecraft effective and how to counter it.
Salt Typhoon's 2024 intrusions into U.S. telecoms reframed supply chain risk as a routing and lawful-intercept problem. Here is what the campaign looked like from a defender's seat.
Scattered Spider showed that help-desk processes, SaaS federation, and MSPs are the new software supply chain. Here is how to think about it and what to actually change.
Clop has industrialized third-party file-transfer exploitation. Here is how the group operates, what it keeps repeating, and how defenders can stop repeating their own mistakes.
Weekly insights on software supply chain security, delivered to your inbox.