Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.


Articles

Vulnerability Analysis

Zimbra Collaboration CVE-2023-37580: XSS Zero-Day Exploited by Four Nation-State Groups

A reflected XSS vulnerability in Zimbra Collaboration was exploited by four distinct threat groups targeting government organizations worldwide. The campaign showed how even 'low severity' bugs enable espionage.

Jul 13, 2023 · 5 min read
Vulnerability Analysis

Microsoft Teams Vulnerability: External Tenant Attacks and the Collaboration Security Gap

Researchers demonstrated that Microsoft Teams' default configuration allowed external attackers to deliver malware directly to employees, bypassing email security controls entirely.

Jun 22, 2023 · 6 min read
Vulnerability Analysis

Progress MOVEit: Second Critical Vulnerability Discovered Amid Breach Fallout

While organizations were still reeling from the first MOVEit zero-day, a second critical vulnerability was found — raising questions about the product's security.

Jun 20, 2023 · 6 min read
Vulnerability Analysis

Barracuda ESG Zero-Day CVE-2023-2868: When Patching Isn't Enough

Barracuda told customers to physically replace compromised Email Security Gateway appliances. The vulnerability had been exploited since October 2022.

Jun 15, 2023 · 6 min read
Vulnerability Analysis

FortiGate CVE-2023-27997: Critical Heap Overflow in SSL VPN

A pre-authentication heap overflow in FortiOS SSL VPN allowed remote code execution on hundreds of thousands of internet-facing firewalls.

Jun 12, 2023 · 6 min read
Vulnerability Analysis

MOVEit Transfer CVE-2023-34362: The Zero-Day That Hit Thousands

The MOVEit Transfer SQL injection zero-day exploited by Cl0p ransomware gang became 2023's most impactful vulnerability. Here's the full technical analysis.

Jun 1, 2023 · 6 min read
Vulnerability Analysis

CISA KEV Catalog: One Year Analysis of Known Exploited Vulnerabilities

After one year, the CISA KEV catalog has reshaped how organizations prioritize patching. Here's what the data tells us about real-world exploitation.

Apr 25, 2023 · 6 min read
Vulnerability Analysis

PaperCut CVE-2023-27350: When Print Management Software Becomes a Ransomware Gateway

CVE-2023-27350 in PaperCut NG/MF allowed unauthenticated RCE through the print management server. Cl0p and LockBit ransomware groups jumped on it within days.

Apr 19, 2023 · 6 min read
Vulnerability Analysis

Fortinet FortiProxy CVE-2023-25610: Buffer Underwrite in Network Security Infrastructure

CVE-2023-25610 allowed unauthenticated RCE on FortiOS and FortiProxy through a buffer underwrite vulnerability. Another critical flaw in perimeter security appliances.

Mar 8, 2023 · 6 min read
Page 8 of 11


Blog | Safeguard.sh — Software Supply Chain Security Insights