Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025

In 2025, supply-chain attacks continued to plague organizations, with threat actors exploiting vulnerabilities in widely used software to compromise downstream users. One notable attack involved hackers inserting a backdoor into a code library used by developers of Solana-related software, resulting in financial gains for the attackers. Other significant supply-chain attacks included the seeding of a malicious package on a mirror proxy for the Go programming language, flooding the NPM repository with malicious packages, and compromising e-commerce companies through software developers. These attacks highlight the ongoing challenges in securing supply chains against cyber threats.