RansomHub Ransomware and EDR Bypass (2024)
RansomHub absorbed affiliates displaced by BlackCat and ran one of the most prolific extortion operations of 2024. Here is what made its tradecraft effective and how to counter it.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Scattered Spider showed that help-desk processes, SaaS federation, and MSPs are the new software supply chain. Here is how to think about it and what to actually change.
Clop has industrialized third-party file-transfer exploitation. Here is how the group operates, what it keeps repeating, and how defenders can stop repeating their own mistakes.
A 2025 retrospective on the September 2023 MGM Resorts ransomware incident, what changed, what stalled, and how supply chain defenders should adjust.
CVE-2024-40766 in SonicWall SonicOS became an immediate target for Akira and Fog ransomware groups, highlighting the ongoing risk of VPN appliance vulnerabilities.
Ransomware groups increasingly target VMware ESXi hypervisors to encrypt entire virtual environments at once. The 2024 campaigns exploited known and zero-day vulnerabilities for maximum impact.
Clop has turned supply chain exploitation into a repeatable playbook — MOVEit, GoAnywhere, Cleo. A look at the tradecraft that makes the campaign work.
Operation Cronos seized LockBit's leak site in February 2024. We unpack the NCA-led takedown, the decryptor release, and LockBit's rapid rebuild.
In February 2024, a ransomware attack on Change Healthcare paralyzed the U.S. healthcare payment system for weeks and ultimately exposed the personal health data of over 100 million Americans, making it the largest healthcare data breach ever recorded.