3rd Annual

The 2025 Software Supply Chain Security Report

Attacks Grow in Sophistication - Targeting AI, Crypto, Open Source, and Commercial Software

Software supply chain attacks are an increasingly popular tool for malicious actors — including cybercriminal groups and nation-state hackers. And the rapid embrace of AI and machine learning (ML) by both enterprises and software producers is introducing new supply chain risks to those organizations.  

Download this report to learn more about:

  • AI and cryptocurrency vulnerabilities being targeted
  • Exposures in third-party commercial software
  • How software supply chain attacks became more sophisticated
  • The growing exposure of secrets in open-source software
  • The gaps and limitations in CVE data
  • Key trends shaping software security in 2025


Software supply chain is one of the biggest challenges that we face as an industry. We really need to be able to know how much we trust that piece of software.

Tim Brown | CISO

Attacks Become More Sophisticated

Software supply chain attacks are becoming more sophisticated. In 2024, malicious actors zeroed in on build pipelines and prominent open-source projects in an effort to gain access to sensitive organizations and IT environments. 

Third-Party Commercial Software Risks Go Unchecked

Cybercriminals and nation states continue to target and exploit endemic weaknesses in black-box, commercial-software binaries. RL analyzed 30 widely used commercial-software binaries, with many receiving a failing grade because they contained flaws. 

Crypto Attacks a Common Theme

Supply chain attacks on cryptocurrency applications and infrastructure were frequent. RL notes 23 attacks where attackers sought (and got) access to sensitive IT assets and diverted funds from cryptocurrency wallets. 

Serious Risks Lurk in Popular OSS

RL surveyed top packages across three major open-source repositories: npm, PyPI, and RubyGems.

CVE Reporting System Leaves Exposures

2024 saw the Common Vulnerabilities and Exposures (CVE) system for tracking software flaws falter, missing critical information needed by security teams.
