Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Carnival confirmed a breach affecting nearly 6 million people on May 28, 2026, after an attacker socially engineered an employee into granting access to its IT environment. Here is the verified chain and what defenders should do.
Microsoft detailed a polished phishing campaign that weaponized fake HR 'code of conduct' investigations to steal session tokens via adversary-in-the-middle proxies, bypassing MFA across 13,000+ organizations in 26 countries.
Okta's cross-tenant impersonation advisory and related social-engineering campaigns exposed how identity providers get targeted. Lessons for defenders.
In June 2025 Scattered Spider pivoted from UK retail to US insurance, hitting Erie Insurance, Philadelphia Insurance, and Aflac inside a week. Aflac later confirmed 22.6 million people affected. We unpack the campaign.
In May 2025 Coinbase disclosed that contractor support agents at TaskUs had been bribed to leak customer data for months. We unpack the insider-threat supply-chain anatomy and what crypto and fintech defenders must change.
In late April 2025 the Co-operative Group joined Marks & Spencer and Harrods as victims of a DragonForce-affiliated cluster that targeted UK retail through helpdesk social engineering. We unpack the playbook and what retailers must change.
Mailchimp disclosed three social-engineering-driven intrusions in thirteen months; the timeline illustrates how repeated incidents shape vendor trust.
AI-generated deepfakes are making social engineering attacks against software supply chains more convincing and harder to detect.
Twilio disclosed two social engineering incidents in 2022 that cascaded through its customer base; the supply chain lessons remain relevant for any B2B vendor.
Weekly insights on software supply chain security, delivered to your inbox.