Safeguard.sh
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (98)AI Security (294)DevSecOps (153)Open Source Security (132)Best Practices (126)Vulnerability Analysis (98)Incident Analysis (83)Industry Analysis (80)Application Security (73)Compliance (68)Container Security (64)Software Supply Chain Security (51)Vulnerability Management (47)Regulatory Compliance (42)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)Cloud Security (35)SBOM (34)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)SBOM & Compliance (19)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Frameworks (1)Product Update (1)Standards (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Vulnerability Analysis

regreSSHion: CVE-2024-6387 OpenSSH Remote Code Execution

A regression in OpenSSH's signal handler reintroduced a vulnerability from 2006, enabling unauthenticated remote code execution on glibc-based Linux systems. Here's what you need to know.

Jul 1, 20246 min read
Vulnerability Analysis

Check Point VPN Zero-Day CVE-2024-24919: Information Disclosure Under Active Exploitation

A critical information disclosure vulnerability in Check Point VPN products allowed attackers to read sensitive files including password hashes, enabling lateral movement into enterprise networks.

May 28, 20245 min read
Vulnerability Analysis

GitHub Enterprise Server CVE-2024-4985: SAML Authentication Bypass

A critical authentication bypass in GitHub Enterprise Server allowed attackers to forge SAML responses and gain administrator access to self-hosted GitHub instances without any credentials.

May 20, 20245 min read
Vulnerability Analysis

Palo Alto PAN-OS Zero-Day CVE-2024-3400: Command Injection in GlobalProtect

A critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProtect feature was exploited as a zero-day, giving attackers root access to firewalls protecting enterprise networks.

Apr 12, 20245 min read
Vulnerability Analysis

Kubernetes CVE-2024-3177: Bypassing Mountable Secrets Policy

A medium-severity Kubernetes vulnerability allowed pods to access secrets they should not have been able to mount, undermining RBAC-based secret isolation in multi-tenant clusters.

Mar 10, 20245 min read
Vulnerability Analysis

Ivanti Connect Secure Zero-Day: CVE-2024-21887 and CVE-2023-46805 Exploited in the Wild

Two chained zero-days in Ivanti Connect Secure VPN appliances gave attackers unauthenticated remote code execution. Here's what happened and why perimeter devices remain a favorite target.

Jan 10, 20245 min read
Vulnerability Analysis

Apache OFBiz CVE-2023-51467: Authentication Bypass in Enterprise Resource Planning

CVE-2023-51467 bypassed a previous patch for an authentication flaw in Apache OFBiz, granting unauthenticated access to ERP functionality. A patch bypass that exposed critical business data.

Dec 26, 20236 min read
Vulnerability Analysis

Apache Struts CVE-2023-50164: Critical File Upload RCE Echoes Equifax-Era Nightmares

A critical path traversal vulnerability in Apache Struts allowed RCE through file upload manipulation. The disclosure triggered flashbacks to the 2017 Equifax breach caused by a similar Struts flaw.

Dec 7, 20236 min read
Vulnerability Analysis

Apache ActiveMQ CVE-2023-46604: Ransomware Groups Exploit Critical RCE

A critical remote code execution flaw in Apache ActiveMQ was rapidly weaponized by ransomware operators, with exploitation beginning before many organizations could patch.

Nov 8, 20234 min read
Page 6 of 11

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard.sh — Software Supply Chain Security Insights