Software Supply Chain Attacks Doubled in 2025, Report Finds
Over 70% of organizations experienced software supply chain security incidents in 2025, with attacks hitting record levels in October and increasingly targeting CI/CD pipelines.
A new industry report reveals that over 70% of organizations experienced at least one third-party or software supply chain-related security incident in 2025, representing a dramatic increase from previous years. Software supply chain attacks surged to record levels, with October 2025 alone seeing 41 recorded attacks—more than 30% higher than the previous peak.
Attack Entry Points
The research identified three primary attack vectors: 35% of attacks originated through compromised software dependencies, 22% targeted CI/CD pipelines and build environments, and 20% involved poisoned or unverified container images. This shift toward earlier-stage attacks during software assembly rather than deployment represents a significant evolution in threat tactics, forcing organizations to rethink security beyond traditional perimeter defenses.
Visibility Gap
Fewer than 50% of enterprises currently monitor more than half of their extended software supply chain, creating significant exposure to upstream compromises. This visibility gap means that many organizations cannot quickly determine whether a newly disclosed vulnerability in an open source component affects their systems—the same challenge exposed during the Log4Shell incident in 2021 that many teams have still not fully addressed.
Shifting to Continuous Verification
The findings emphasize the need for organizations to move from periodic security checks to continuous verification: generating and consuming Software Bills of Materials (SBOMs) for every build, signing artifacts and verifying those signatures at each stage of the pipeline, and matching third-party dependencies against newly published vulnerability advisories as they appear rather than only at release time. The EU Cyber Resilience Act, which entered into force in December 2024, will mandate many of these practices for products with digital elements placed on the EU market: its vulnerability and incident reporting obligations apply from 11 September 2026, and the remaining obligations from 11 December 2027.
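The two checks above, and the Log4Shell-style question from the visibility gap section ("does the component just disclosed as vulnerable appear in what we ship?"), as an added example that is not from the report or from any vendor's tooling. It builds a minimal CycloneDX-style SBOM that records each artifact's SHA-256, matches components against advisory version ranges, and compares the recorded hashes with the bytes a later pipeline run actually fetched. All artifact bytes, the SBOM contents and the second advisory are constructed here; the Log4Shell range is modelled on CVE-2021-44228 (log4j-core from 2.0-beta9 up to, but not including, 2.15.0) and is simplified, since the real advisory carries additional branch-specific fixes.

```python
"""Continuous SBOM verification (added example; all data constructed inline)."""
import hashlib
import re
from dataclasses import dataclass

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-([A-Za-z]+)(\d*))?$")


def parse_version(v: str) -> tuple:
    """Sort key for versions such as 2.14.1 or 2.0-beta9.

    Trailing zeros are stripped so 2.15 == 2.15.0, and a pre-release tag
    sorts before the matching final release (2.0-beta9 < 2.0).
    """
    m = _VERSION_RE.match(v)
    if not m:
        raise ValueError(f"unsupported version syntax: {v!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    while nums and nums[-1] == 0:
        nums.pop()
    pre = (0, m.group(2).lower(), int(m.group(3) or 0)) if m.group(2) else (1,)
    return (tuple(nums), pre)


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    purl_prefix: str   # package URL without the @version suffix
    introduced: str    # first affected version (inclusive)
    fixed: str         # first fixed version (exclusive)


# Simplified Log4Shell range; the real advisory also lists branch-specific fixes.
LOG4SHELL = Advisory("CVE-2021-44228",
                     "pkg:maven/org.apache.logging.log4j/log4j-core",
                     "2.0-beta9", "2.15.0")
# Constructed advisory (not a real one) that this SBOM's requests version is past.
CONSTRUCTED_ADVISORY = Advisory("CONSTRUCTED-0001", "pkg:pypi/requests",
                                "2.0.0", "2.20.0")


def is_affected(version: str, adv: Advisory) -> bool:
    v = parse_version(version)
    return parse_version(adv.introduced) <= v < parse_version(adv.fixed)


# Constructed stand-ins for real jars and wheels, keyed by package URL.
TRUSTED_ARTIFACTS = {
    "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1":
        b"PK\x03\x04 constructed log4j-core-2.14.1.jar",
    "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2":
        b"PK\x03\x04 constructed jackson-databind-2.13.4.2.jar",
    "pkg:pypi/requests@2.31.0":
        b"PK\x03\x04 constructed requests-2.31.0-py3-none-any.whl",
}


def build_sbom(artifacts: dict) -> dict:
    """Emit a minimal CycloneDX 1.5-style document recording each artifact's SHA-256."""
    components = []
    for purl, data in artifacts.items():
        prefix, version = purl.rsplit("@", 1)
        components.append({
            "type": "library",
            "name": prefix.rsplit("/", 1)[-1],
            "version": version,
            "purl": purl,
            "hashes": [{"alg": "SHA-256",
                        "content": hashlib.sha256(data).hexdigest()}],
        })
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": components}


def match_advisories(sbom: dict, advisories) -> list:
    """Return (purl, advisory id) for every component inside an affected range."""
    findings = []
    for comp in sbom["components"]:
        prefix, version = comp["purl"].rsplit("@", 1)
        for adv in advisories:
            if prefix == adv.purl_prefix and is_affected(version, adv):
                findings.append((comp["purl"], adv.advisory_id))
    return findings


def verify_hashes(sbom: dict, fetched: dict) -> list:
    """Compare recorded SHA-256 values with the bytes actually fetched.

    Returns (purl, expected, actual); actual is None when the artifact is missing.
    """
    mismatches = []
    for comp in sbom["components"]:
        expected = next(h["content"] for h in comp["hashes"] if h["alg"] == "SHA-256")
        data = fetched.get(comp["purl"])
        actual = hashlib.sha256(data).hexdigest() if data is not None else None
        if actual != expected:
            mismatches.append((comp["purl"], expected, actual))
    return mismatches


def run_demo():
    sbom = build_sbom(TRUSTED_ARTIFACTS)
    # A later pipeline run: the dependency cache served a modified
    # jackson-databind and the requests wheel never arrived at all.
    fetched = dict(TRUSTED_ARTIFACTS)
    fetched["pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2"] = \
        b"PK\x03\x04 tampered"
    del fetched["pkg:pypi/requests@2.31.0"]
    findings = match_advisories(sbom, [LOG4SHELL, CONSTRUCTED_ADVISORY])
    mismatches = verify_hashes(sbom, fetched)
    return findings, mismatches


if __name__ == "__main__":
    findings, mismatches = run_demo()
    for purl, adv_id in findings:
        print(f"AFFECTED  {purl} by {adv_id}")
    for purl, expected, actual in mismatches:
        print(f"MISMATCH  {purl}: recorded {expected[:12]}..., "
              f"fetched {actual[:12] + '...' if actual else 'nothing'}")
    raise SystemExit(1 if findings or mismatches else 0)
```

Run as a pipeline gate, the script exits non-zero on either class of finding, which is the point of "continuous" rather than "periodic": the advisory list is re-read on every build, so a component that was clean yesterday fails the build the day its range is published, and the hash comparison catches an artifact that was swapped between the build that produced the SBOM and the deployment that consumes it. A real pipeline would sign the SBOM itself and verify that signature before trusting the recorded hashes; this example checks integrity only.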