MFT Mass Exploitation Trend In 2026
Managed file transfer platforms have become a recurring epicenter of mass exploitation. We trace the 2026 incidents, the reused tradecraft, and what defenders should do now.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
npm account takeovers have shifted from opportunistic phishing to coordinated, multi-stage operations. We trace the 2025 to 2026 evolution and what it means for maintainers.
Q1 2026 PyPI malicious package activity shows a clear shift toward AI and ML tooling targets. We break down the data, the tradecraft, and the implications.
Dependency confusion turned five in 2026. We look at how the attack has evolved, why it still works, and what defenders have actually learned.
Open source maintainers are now a primary target for state and criminal actors. We trace the 2026 social engineering, infrastructure, and credential patterns.
Okta's cross-tenant impersonation advisory and related social-engineering campaigns exposed how identity providers get targeted. Lessons for defenders.
CI/CD platforms have become high-value supply chain targets. We analyze 2026 attack trends, including runner abuse, action poisoning, and OIDC token theft.
Researchers found thousands of valid Hugging Face API tokens in public code and models. Analysis of the 2024 exposures and what they mean for the ML supply chain.
Researchers keep finding valid AWS, GitHub, and cloud credentials baked into public Docker Hub images. What the 2024 data shows and how to stop shipping secrets.