Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A critical authentication vulnerability in Jira Service Management allowed attackers to impersonate users and gain access to sensitive service desk instances. The flaw bypassed email verification controls.
A year after Log4Shell shook the internet, many organizations still had vulnerable instances. Here's what the anniversary revealed about our industry.
A heap-based buffer overflow in Fortinet's SSL-VPN was actively exploited before disclosure. State-sponsored actors used it to deploy custom implants on critical infrastructure.
A vulnerability in GitHub's commit signature verification allowed attackers to forge signed commits. The flaw undermined the integrity guarantees that code signing is supposed to provide.
OpenSSL pre-announced a critical vulnerability that was later downgraded to high severity. The incident revealed as much about our processes as the bug itself.
A critical RCE vulnerability in Apache Commons Text drew immediate comparisons to Log4Shell. While less severe in practice, it highlighted how deeply embedded utility libraries create systemic risk.
A critical vulnerability in GitLab's GitHub import feature allowed authenticated attackers to execute arbitrary code on the server. The flaw highlighted risks in platform migration features.
CVE-2022-26138 exposed a hardcoded password in the Questions for Confluence app, granting unauthenticated access to Confluence data. A preventable disaster.
Retbleed exploits return instructions to bypass Spectre mitigations on AMD and Intel processors. Here's what it means for your infrastructure.
Weekly insights on software supply chain security, delivered to your inbox.