Third-Party Risk
Supply Chain Attack — Compromising Trusted Vendors to Reach Downstream Targets
A supply chain attack occurs when threat actors compromise a trusted vendor, software provider, or service to gain indirect access to downstream customers. This SECMONS glossary entry explains how supply chain attacks work, common techniques, and how defenders should reduce third-party risk.
Supply Chain Attacks: How Trusted Links Become Entry Points
Research analysis explaining how supply chain attacks compromise trusted software, service providers, and third-party relationships to infiltrate organizations at scale.