Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Attackers compromised the popular tj-actions/changed-files GitHub Action, injecting credential-stealing code that affected over 23,000 repositories. A textbook software supply chain attack.
Two years after the SolarWinds breach reshaped cybersecurity, we examine what the industry actually learned and what organizations still get wrong about supply chain security.
REvil exploited Kaseya's VSA platform to push ransomware to managed service providers and their customers. Up to 1,500 businesses were hit in a single weekend.
Alex Birsan's research showed how internal package names can be exploited to inject malicious code into corporate build systems. Here's how the attack works and how to defend against it.
Attackers modified Codecov's bash uploader script to steal environment variables from CI pipelines. Thousands of repositories were exposed for two months.
The SolarWinds attack compromised 18,000 organizations through a single tampered update. Six months later, here's what the industry should have learned.
Weekly insights on software supply chain security, delivered to your inbox.