Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
American Water Works discovered unauthorised network access on October 3, 2024, shutting down its MyWater customer portal and billing systems serving 14 million people across 24 states.
RansomHub encrypted Halliburton systems on August 21, 2024, exfiltrated proprietary oilfield data, and contributed to a $35M direct response cost disclosed in the company's Q3 10-Q.
BlackSuit ransomware encrypted CDK Global's dealer-management cloud on June 18-19, 2024, crippling roughly 15,000 North American auto dealerships and triggering a reported $25M ransom payment.
In January 2025 UnitedHealth revised the Change Healthcare breach count to 190 million people, the largest HIPAA breach in US history. We unpack what changed and the supply-chain lessons that still apply.
Black Basta encrypted Ascension's network on May 8, 2024 via a malicious file downloaded by an employee, diverting ambulances across 140 hospitals and ultimately notifying 5.6 million patients.
In November 2024 the Termite ransomware group hit Blue Yonder, taking workforce-management and logistics SaaS offline for Starbucks, Sainsbury's, and Morrisons. We unpack the SaaS supply-chain blast radius.
On August 24, 2024, Rhysida ransomware took down Port of Seattle systems including Sea-Tac airport check-in, baggage, and the Port website. The Port refused a $6 million ransom. We unpack the case.
CVE-2024-40766 in SonicWall SonicOS became an immediate target for Akira and Fog ransomware groups, highlighting the ongoing risk of VPN appliance vulnerabilities.
Ransomware groups increasingly target VMware ESXi hypervisors to encrypt entire virtual environments at once. The 2024 campaigns exploited known and zero-day vulnerabilities for maximum impact.
Weekly insights on software supply chain security, delivered to your inbox.