Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Salt Typhoon's 2024 intrusions into U.S. telecoms reframed supply chain risk as a routing and lawful-intercept problem. Here is what the campaign looked like from a defender's seat.
Scattered Spider showed that help-desk processes, SaaS federation, and MSPs are the new software supply chain. Here is how to think about it and what to actually change.
Clop has industrialized third-party file-transfer exploitation. Here is how the group operates, what it keeps repeating, and how defenders can stop repeating their own mistakes.
A data-driven breakdown of supply chain attacks from January through June 2025, covering attack vectors, targeted ecosystems, and emerging trends.
Scattered Spider adapted its tactics in 2025, moving beyond casino hacks to target retail, healthcare, and manufacturing with increasingly sophisticated social engineering.
The CISA Known Exploited Vulnerabilities catalog has become the definitive list of actively exploited flaws. An analysis of 2025 KEV trends reveals which products, vulnerability types, and attack patterns dominate.
Qilin has rapidly become one of the most active ransomware operations, targeting healthcare, manufacturing, and critical infrastructure. A technical breakdown of their methods.
AI-generated voice and video deepfakes powered a new wave of phishing campaigns in early 2025. The technology is cheap, the results are convincing, and defenses are lagging.
Medusa ransomware has evolved beyond traditional encryption schemes, leveraging supply chain compromise to infiltrate victims. Here's what defenders need to know.
Weekly insights on software supply chain security, delivered to your inbox.