Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks on supply chains in 2025 have become more frequent and severe, moving from isolated incidents to major multi-sector crises. These crises involve data theft in software patches, ransomware disrupting food, pharmaceutical, and financial pipelines. As attackers target vendors as entry points, defensive measures must adapt. This includes enhanced vendor vetting, code provenance controls, firmware security, and robust third-party risk response.

Software complexity is increasing at unprecedented levels. The average software supply chain now contains artifacts from open-source repositories, internally developed code, software developed by third-parties, and commercial-off-the-shelf (COTS) software. All of this combines to run your business. The questions surrounding the software supply chain range from its visibility to its trustworthiness to the origin of the bits and bytes. The 2025 LevelBlue Data Accelerator.

One of the most dangerous aspects of the dark web is that it provides like-minded threat actors a haven to gather, discuss, develop, and sell access to technology companies, which are often the first link in a supply chain attack. Alternatively, it's an environment where those looking to enter the world of cybercrime and initiate a third-party attack can buy the tools necessary to begin their operation. Trustwave SpiderLabs report Technology Industry Deep Dive.

I hear a lot these days about SBOMs and how they are going to be the key to supply chain security accountability, to even include a Presidential Executive Order mandating SBOMs in the procurement process for federal agencies. There are multiple areas of research going on in this area, such as this Academic SBOM Repository. But before we get too far down the road, let’s get one thing straight: SBOM isn’t going to save us. It’s a transparency tool, not a solution.

Key takeaways Most modern software isn’t built from scratch. It’s assembled from dozens, sometimes hundreds, of external components like open-source libraries, third-party APIs, CI/CD tools, build scripts, and deployment pipelines. This entire ecosystem is what we call the software supply chain. Similar to a physical supply chain, if one weak link breaks, the whole system is at risk.

As more details of the April ransomware attack on UK retailer Marks and Spencer are made public, we are directly witnessing the cascading repercussions that organizations face when victimized by a well-thought-out and properly executed attack. In the specific case of M&S, the UK retailer is dealing with a supply chain attack, as M&S CEO Stewart Machin confirmed in a published report.

When people hear "supply chain attack," their minds often go to headline-grabbing breaches. But while analysts, CISOs, and journalists dissect those incidents, a more tactical and persistent wave of attacks has been unfolding in parallel; one that's laser-focused on small businesses as the point of entry. This isn't collateral damage. It's by design.

The RSA Conference 2025 at the Moscone Center in San Francisco on April 28 – May 1, brought together over 44,000 cybersecurity professionals from around the world. This year’s event, marking the 34th annual flagship conference, placed significant emphasis on software supply chain security and secure software development lifecycle (SDLC) practices. From the keynotes, speaking sessions, and 1:1 conversations I had on the show floor, there were eight key themes that came up over and over again.