Polkit pkexec Privilege Escalation: CVE-2021-4034 (PwnKit)
A 12-year-old memory corruption bug in Polkit's pkexec gave any unprivileged local user instant root access on virtually every major Linux distribution. Here's why it matters.
Log4j isn't just in your code — it's in your vendors' code, your container base images, and your transitive dependencies. Here's how to find it everywhere.
The most critical vulnerability in a decade dropped on a Friday. Log4Shell affects virtually every Java application and is trivial to exploit. Here's what happened.
CVE-2021-43798 allowed unauthenticated directory traversal in Grafana, exposing configuration files and credentials. Exploitation was trivial and widespread.
CVSS scores alone lead to alert fatigue and misallocated resources. Here's how EPSS, reachability analysis, and exploit intelligence create a smarter prioritization model.
CVE-2021-41773 allowed path traversal and RCE on Apache HTTP Server 2.4.49. The fix was incomplete, leading to CVE-2021-42013 days later. A lesson in patching under pressure.
ProxyShell chained three Exchange vulnerabilities for unauthenticated remote code execution. Months after patches were available, thousands of servers remained exposed.
PrintNightmare gave attackers SYSTEM-level access through the Windows Print Spooler service running on nearly every Windows machine. The patch rollout was a mess.