Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

Filter

All (8)AI Security (384)DevSecOps (197)Best Practices (175)Open Source Security (154)Vulnerability Analysis (117)Incident Analysis (114)Industry Analysis (107)Compliance (100)Application Security (97)Regulatory Compliance (89)Container Security (89)Cloud Security (70)Vulnerability Management (70)Software Supply Chain Security (65)Supply Chain Attacks (54)Threat Intelligence (47)SBOM (41)Product (35)Tools (32)SBOM & Compliance (30)Supply Chain Security (25)Ransomware (24)Infrastructure Security (23)Regulation (20)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Agent Security (16)Vulnerability Response (16)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Supply Chain (12)Frameworks (12)Data Breach (11)Dependency Security (11)Web Security (11)Open Source (9)Kubernetes Security (9)Company (8)Standards (8)Architecture (8)Industry Insights (7)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Vendor Comparison (6)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Breach Analysis (5)Code Security (5)Cryptocurrency Security (4)Tool Comparison (4)Mobile Security (4)Product Launch (4)Policy (4)Offensive Security (4)Tool Comparisons (4)Healthcare Security (3)Social Engineering (3)Build Security (3)Industry (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Hardware Security (3)Identity Security (2)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)DeFi Security (2)Incident Postmortem (1)Technical (1)Healthcare (1)Events (1)Product Update (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Credential Attacks (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed

Identity Security

FBI Warns on Kali365: A PhaaS Kit That Steals M365 OAuth Tokens and Bypasses MFA (May 2026)

The FBI's May 21, 2026 IC3 advisory details Kali365, a Telegram-distributed phishing-as-a-service kit that uses device-code phishing to capture Microsoft 365 access and refresh tokens, granting password-free, MFA-immune persistence.

May 22, 202611 min read

Incident Analysis

The Vercel Breach: A Forgotten OAuth Grant Became a SaaS Supply-Chain Pivot (May 2026)

An infostealer infection at AI startup Context.ai let attackers reuse a Vercel employee's months-old Google Workspace OAuth grant to bypass MFA and exfiltrate customer environment variables. Disclosed April 2026, the fallout deepened through May.

May 12, 202612 min read

Supply Chain Attacks

Chrome Extension Cyberhaven Supply Chain Attack 2024

A technical retrospective on the 2024 Cyberhaven Chrome extension compromise: the phishing chain, the malicious OAuth flow, the exfiltration payload, and what actually changes browser-extension supply chain defense.

Mar 30, 20268 min read

AI Security

MCP Server Authorization Patterns in 2026

The Model Context Protocol shifted agent integration from custom glue to a standard surface. Authorization patterns that work, and the ones that keep biting teams.

Mar 19, 20266 min read

Incident Analysis

Microsoft Midnight Blizzard Source Code Theft 2024

Midnight Blizzard moved from email exfiltration to Microsoft source code repositories. The pivot from stolen OAuth tokens to code access is the supply chain lesson.

Feb 25, 20268 min read

Incident Analysis

Heroku OAuth Token Leak Postmortem and Lessons

A retrospective on the Heroku OAuth token incident, what the public timeline revealed about supply chain trust assumptions, and the durable lessons for platform teams.

Feb 18, 20265 min read

Incident Analysis

Salesloft Drift OAuth Breach: 700+ Salesforce Tenants Compromised

UNC6395 stole Salesloft Drift OAuth tokens to exfiltrate Salesforce data from more than 700 organisations including Cloudflare, Zscaler, and Palo Alto Networks in August 2025.

Sep 8, 20256 min read

AI Security

MCP 2025-06-18: OAuth Resource Server Rules Defenders Must Understand

The June 2025 MCP spec made every server an OAuth 2.1 resource server, mandated RFC 8707 resource indicators, and added elicitation. Here is what changes for blue teams.

Jul 9, 20256 min read

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.