Supply-Chain-Attack

A supply chain attack occurs when threat actors compromise a trusted vendor, software provider, or service to gain indirect access to downstream customers. This SECMONS glossary entry explains how supply chain attacks work, common techniques, and how defenders should reduce third-party risk.

Expert technical analysis of CVE-2024-3094, the malicious backdoor discovered in XZ Utils release tarballs that affected liblzma and introduced a critical software supply-chain risk for Linux environments.

Analytical deep dive into modern supply chain attacks, including compromise vectors, real-world patterns, and defensive strategies against indirect intrusion paths.

Technical analysis of the SolarWinds supply chain breach in which attackers compromised the Orion software update process and deployed the SUNBURST backdoor to thousands of organizations worldwide.

Research analysis explaining how supply chain attacks compromise trusted software, service providers, and third-party relationships to infiltrate organizations at scale.

Technical explanation of supply chain attacks, a technique in which threat actors compromise trusted software vendors, service providers, or development pipelines in order to distribute malicious code to downstream organizations.