Due Diligence & Software
Supply Chain Attack
An attack that targets the software supply chain by compromising a dependency, build tool, or distribution channel rather than the target application directly. The SolarWinds breach (2020) and the xz-utils backdoor (2024) are high-profile examples. Supply chain attacks are particularly dangerous because the compromised component arrives through trusted channels, bypassing most security controls.