Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
State-aligned and financially motivated actors now target individual developers with bespoke social engineering. Here is the tradecraft and what engineering leaders must do.
Attackers bribed overseas Coinbase support agents to steal customer data, then demanded a $20M ransom. Coinbase refused to pay and disclosed everything.
Scattered Spider adapted its tactics in 2025, moving beyond casino hacks to target retail, healthcare, and manufacturing with increasingly sophisticated social engineering.
AI-generated voice and video deepfakes powered a new wave of phishing campaigns in early 2025. The technology is cheap, the results are convincing, and defenses are lagging.
The English-speaking social engineering crew behind MGM and Caesars keeps going after developers and help desks. Here's what I keep seeing.
Scattered Spider combined aggressive social engineering with deep knowledge of enterprise IT to breach MGM Resorts, Caesars Entertainment, and dozens of other organizations.
Starjacking exploits the trust developers place in GitHub stars and repository metadata. Attackers link malicious packages to popular repositories to appear legitimate. Here is how it works.
LAPSUS$ broke into Microsoft, Nvidia, Samsung, and Okta using social engineering and insider recruitment rather than sophisticated malware. Their techniques exposed fundamental security gaps.
Weekly insights on software supply chain security, delivered to your inbox.