Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Key takeaways Most modern software isn’t built from scratch. It’s assembled from dozens, sometimes hundreds, of external components like open-source libraries, third-party APIs, CI/CD tools, build scripts, and deployment pipelines. This entire ecosystem is what we call the software supply chain. Similar to a physical supply chain, if one weak link breaks, the whole system is at risk.

As more details of the April ransomware attack on UK retailer Marks and Spencer are made public, we are directly witnessing the cascading repercussions that organizations face when victimized by a well-thought-out and properly executed attack. In the specific case of M&S, the UK retailer is dealing with a supply chain attack, as M&S CEO Stewart Machin confirmed in a published report.

When people hear "supply chain attack," their minds often go to headline-grabbing breaches. But while analysts, CISOs, and journalists dissect those incidents, a more tactical and persistent wave of attacks has been unfolding in parallel; one that's laser-focused on small businesses as the point of entry. This isn't collateral damage. It's by design.

The RSA Conference 2025 at the Moscone Center in San Francisco on April 28 – May 1, brought together over 44,000 cybersecurity professionals from around the world. This year’s event, marking the 34th annual flagship conference, placed significant emphasis on software supply chain security and secure software development lifecycle (SDLC) practices. From the keynotes, speaking sessions, and 1:1 conversations I had on the show floor, there were eight key themes that came up over and over again.

A supply chain attack does not start with your firewall. It starts with someone else’s. Instead of targeting your company directly, a cyber attacker looks for weak spots in your organization’s supply chain. That could be a trusted third-party vendor, a widely used software supplier, or even an outdated package from an open-source code repository. Once they find an opening, they exploit security vulnerabilities to gain access to your systems without ever going through the front door.

On 5 May, 16:00 GMT+0, our automated malware analysis pipeline detected a suspicious package released, rand-user-agent@1.0.110. It detected unusual code in the package, and it wasn’t wrong. It detected signs of a supply chain attack against this legitimate package, which has about ~45.000 weekly downloads.

At 21 Apr, 20:53 GMT+0, our system, Aikido Intel started to alert us to five new package version of the xrpl package. It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads. We quickly confirmed the official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

The energy sector stands as a critical pillar of our society. From the electricity powering our homes to the fuel driving our industries, reliable energy is essential. However, the very interconnectedness that makes the energy sector so vital also exposes it to significant vulnerabilities, particularly within its supply chain. The Interconnected Web of Energy The energy sector is a complex web of systems, stretching far beyond power plants and wind farms.

In the contemporary digital era, supply chains have transcended their traditional role as mere logistical networks. They have evolved into pivotal ecosystems that underpin the success of modern businesses. Nevertheless, as these intricate systems undergo digital transformation, they have become increasingly vulnerable to cyberattacks.