Change Healthcare Ransomware 2024: Deep Dive
The Change Healthcare ransomware attack knocked US healthcare payments offline for weeks. United confirmed the root cause: a Citrix portal with no MFA.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Volt Typhoon is pre-positioning inside U.S. critical infrastructure using living-off-the-land tradecraft and third-party access. Here is what defenders should do about it.
Midnight Blizzard (APT29, Cozy Bear) has refined long-dwell supply chain access into an operational art. Here is what their 2023-2025 pattern looks like to defenders.
DPRK operatives have placed themselves inside Western companies as remote developers. Here is how that pattern functions as a supply chain threat and how to detect it.
The Black Basta chat leak gave defenders a rare inside view of how a ransomware program operates. Here are the durable engineering lessons to take from it.
Operation Cronos disrupted LockBit's infrastructure but not the underlying affiliate economy. Here is what actually changed and what defenders should take from it into 2026.
CVE-2024-37085 abuses ESXi's AD domain join to grant admin via a specially named group. Exploitation by Akira and Black Basta, detection, and fix.
FIN7 built tooling that made its social engineering feel like a SaaS product. Here is how its 2024 tradecraft blended malvertising, fake tools, and credential theft into a supply chain attack.
Lazarus turned a developer's personal machine into a corporate build-system compromise. Here is how that cascade actually worked and what it teaches about build-system trust.