Supply chain security covers the threats targeting the software, hardware, and vendor relationships organizations depend on. Coverage of NPM and PyPI package compromises, software publisher intrusions, hardware tampering, SBOM-driven defense, and how attackers leverage trust relationships to reach high-value downstream targets.
January 2026 set a record pace with 2,090 cyberattacks per week — a 17% year-over-year increase. Nike's 1.4TB IP leak, Match Group vishing, and Trust Wallet's supply chain attack defined a month where intellectual property became the new target.
December 2025 closed the year with a third-party pandemic — where supply chain trust became the primary attack vector. Coupang insider breach, Oracle EBS zero-day exploit, and holiday ransomware timing defined the month's cyber landscape.
Third-party contractors operate inside your systems but outside your identity controls, creating an access gap attackers actively exploit. This newsletter examines why external identities carry insider-level risk and how organizations can close the gap with proper access governance.
State-sponsored cyber actors backed by national governments conduct sophisticated attacks against critical infrastructure and private industry. These actors have vast resources, advanced tooling, and geopolitical motivations that make them uniquely dangerous adversaries.
