Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
The EU Cybersecurity Reserve under Regulation (EU) 2025/38 mobilises trusted private incident-response providers to support Member States facing significant cyber incidents.
A missing --env flag during a Wrangler secret rotation took R2 writes to zero for 67 minutes. Here is the failure mode and the deployment guardrails that should have caught it.
Regulation (EU) 2025/38 entered into force on 4 February 2025, establishing an EU Cybersecurity Reserve, alert system of cross-border hubs, and ENISA-led incident review mechanism.
A routine phishing-URL takedown clicked the wrong button and disabled R2 globally for 59 minutes. Here is what went wrong and the two-party approval Cloudflare added afterwards.
Black Basta encrypted Ascension's network on May 8, 2024 via a malicious file downloaded by an employee, diverting ambulances across 140 hospitals and ultimately notifying 5.6 million patients.
Salt Typhoon breached at least nine U.S. carriers, exposing lawful intercept systems. We unpack the attack chain and what telcos must fix in 2025.
When a vendor's incident affects you, the coordination work between their IR team and your ops becomes its own project. How to run it well.
A compromised signing key is the quietest crisis in security. A concrete playbook for responding when your code signing infrastructure is implicated.
A step-by-step playbook for responding to upstream dependency, build system, and vendor compromises, including roles, timelines, and stakeholder communications.
Weekly insights on software supply chain security, delivered to your inbox.