This report is about ‘Invisible Attack: Hidden Risks Within the Organization’.
As of 2025, the global cybersecurity landscape has witnessed a sharp escalation in supply chain attacks, transforming them from isolated security incidents into systemic threats capable of disrupting critical business operations and global economic stability. While organizations continue to strengthen their internal defenses, threat actors have strategically shifted their focus toward third-party vendors, service providers, and software dependencies—exploiting the weakest links in the digital ecosystem.
Recent high-profile incidents have underscored the growing severity of this trend. The Nx supply chain attack involved malicious npm packages that targeted developer credentials, GitHub tokens, and SSH keys. In another significant event, the Salesforce-related breach exploited OAuth and refresh tokens, leading to unauthorized access to hundreds of CRM environments. The Oracle Cloud breach reportedly exposed over six million records, affecting more than 140,000 tenants, while the Zendesk incidents demonstrated that customer support infrastructures are increasingly becoming prime targets for exploitation.
These events collectively highlight that supply chain security is no longer a purely technical issue but a critical component of operational resilience and corporate governance. To mitigate these escalating risks, organizations must adopt a holistic approach to supply chain cybersecurity—integrating continuous vendor assessments, enhanced access management, and rigorous security validation across all third-party integrations.
We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:
