Safeguard
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

Filtering by tag:#zero-day51 articles
All (51)AI Security (384)DevSecOps (197)Best Practices (175)Open Source Security (154)Vulnerability Analysis (117)Incident Analysis (114)Industry Analysis (107)Compliance (100)Application Security (97)Regulatory Compliance (89)Container Security (89)Cloud Security (70)Vulnerability Management (70)Software Supply Chain Security (65)Supply Chain Attacks (54)Threat Intelligence (47)SBOM (41)Product (35)Tools (32)SBOM & Compliance (30)Supply Chain Security (25)Ransomware (24)Infrastructure Security (23)Regulation (20)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Agent Security (16)Vulnerability Response (16)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Supply Chain (12)Frameworks (12)Data Breach (11)Dependency Security (11)Web Security (11)Open Source (9)Kubernetes Security (9)Company (8)Standards (8)Architecture (8)Industry Insights (7)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Vendor Comparison (6)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Breach Analysis (5)Code Security (5)Cryptocurrency Security (4)Tool Comparison (4)Mobile Security (4)Product Launch (4)Policy (4)Offensive Security (4)Tool Comparisons (4)Healthcare Security (3)Social Engineering (3)Build Security (3)Industry (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Hardware Security (3)Identity Security (2)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)DeFi Security (2)Incident Postmortem (1)Technical (1)Healthcare (1)Events (1)Product Update (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Credential Attacks (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Vulnerability Analysis

FortiGate SSL-VPN Zero-Day (CVE-2022-42475): How a Heap Overflow Gave Attackers the Keys

A heap-based buffer overflow in Fortinet's SSL-VPN was actively exploited before disclosure. State-sponsored actors used it to deploy custom implants on critical infrastructure.

Dec 12, 20226 min read
Vulnerability Analysis

Follina (CVE-2022-30190): The Microsoft Zero-Day That Bypassed Macro Protections

A Word document, no macros enabled, and full remote code execution. Follina exploited the Microsoft Support Diagnostic Tool via ms-msdt protocol handlers, rendering years of macro-blocking defenses irrelevant.

Jun 10, 20227 min read
Vulnerability Analysis

Confluence Zero-Day (CVE-2022-26134): Atlassian's OGNL Injection Crisis

An unauthenticated RCE zero-day in Confluence Server was being actively exploited before Atlassian even knew about it. The vulnerability affected virtually every on-premise Confluence installation.

Jun 3, 20225 min read
Vulnerability Analysis

Log4Shell Vulnerability (CVE-2021-44228) Explained

The most critical vulnerability in a decade dropped on a Friday. Log4Shell affects virtually every Java application and is trivial to exploit. Here's what happened.

Dec 13, 20215 min read
Vulnerability Research

Zero-Day Vulnerabilities in Open Source: 2021 in Review

2021 saw a record number of zero-day exploits targeting open-source software. From Log4Shell to ProxyShell, here's what happened and what it means for defenders.

Nov 28, 20217 min read
Zero-Day Exploits

Microsoft Exchange HAFNIUM Attack: Four Zero-Days That Compromised 30,000 Organizations

Chinese state-sponsored group HAFNIUM exploited four zero-day vulnerabilities in Microsoft Exchange Server, compromising an estimated 30,000 US organizations and hundreds of thousands globally.

Jun 20, 20215 min read
Page 6 of 6

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard — Software Supply Chain Security Insights