Supply Chain Attacks Really Are Surging

Software Supply Chain Providers Under Fire by Ransomware Rings, Nation-State Groups Mathew J. Schwartz (euroinfosec) • June 10, 2025

Hackers are doubling down on software supply chain attacks.

See Also: OnDemand | Transforming Third-Party Cyber Risk Management: From Compliance to Actionable, Automated, and Risk-Based Programs

Threat intelligence firm Cyble said such attacks occurred, on average, nearly 13 times per month last year, from February through September 2024. Starting in October, they surged to nearly 16 per month, staying steady into this year, before reaching nearly 25 attacks per month in April and May.

The firm's research is based on its own investigations as well as open source intelligence, meaning it's not complete; many attacks never get publicly reported. Even so, the direction of travel isn't positive.

In the first five months of this year, Cyble said roughly two thirds of the 79 software supply chain attacks it ...