Software supply chain attacks hit record levels in 2025

A year-end security analysis “Securing the Software Supply Chain in 2026,” released by CleanStart highlights an emerging systemic risk in modern software development Drawing on multiple industry research sources, the report shows that software supply chain attacks more than doubled globally during 2025. It further notes that over 70% of organisations reported experiencing at least one third-party or software supply chain-related security incident. Upstream compromise is becoming a persistent and structural risk rather than an isolated threat.

Global losses from software supply chain attacks are projected to touch the $60 billion mark by year-end. October 2025 recorded the highest concentration of incidents, confirming sustained rather than episodic threat activity.

The attack surface has fundamentally changed. Threat actors are not targeting traditional security perimeters. Instead, they are compromising software at the source. In 2025, attacks entered organisations primarily during software assembly rather than deployment, shifting risk earlier in the lifecycle and ...