3rd Annual

The 2025 Software Supply Chain Security Report

Attacks are growing in sophistication - targeting AI, crypto, open source, and commercial software

Software supply chain attacks are an increasingly popular tool for malicious actors — including cybercriminal groups and nation-state hackers. And the rapid embrace of AI and machine learning (ML) by both enterprises and software producers is introducing new supply chain risks to those organizations.  

Download this report to learn more about:

  • AI and cryptocurrency vulnerabilities being targeted
  • Exposures in third-party commercial software
  • How software supply chain attacks became more sophisticated
  • The growing exposure of secrets in open source
  • The gaps and limitations in CVE data
  • Key trends shaping software security in 2025

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

All rights reserved ReversingLabs © 2026

Attacks Become More Sophisticated

Software supply chain attacks are becoming more sophisticated. In 2024, malicious actors zeroed in on build pipelines and prominent open-source projects in an effort to gain access to sensitive organizations and IT environments. 


Third-Party Commercial Software Risks Go Unchecked

Cybercriminals and nation states continue to target and exploit endemic weaknesses in black-box, commercial-software binaries. RL analyzed 30 widely used commercial-software binaries, with many receiving a failing grade because they contained flaws. 


Crypto Attacks a Common Theme

Supply chain attacks on cryptocurrency applications and infrastructure were frequent. RL notes 23 attacks where attackers sought (and got) access to sensitive IT assets and diverted funds from cryptocurrency wallets. 

[Figure: Average Flaws in Popular Packages]

Serious Risks Lurk in Popular OSS

RL surveyed top packages across three major open-source repositories: npm, PyPI, and RubyGems.

[Figure: PyPI vs. npm Security]

CVE Reporting System Leaves Exposures

2024 saw the Common Vulnerabilities and Exposures (CVE) system for tracking software flaws falter, missing critical information needed by security teams.

[Figure: NVD Enrichment of CVEs]
Related Content


Software supply chain is one of the biggest challenges that we face as an industry. We really need to be able to know how much we trust that piece of software.

Tim Brown | CISO, SolarWinds

Software Supply Chain Security | 2025 Gartner® Market Guide

See what product and application security teams need to know to protect against software supply chain compromises.


Software Supply Chain Security for Dummies

Understand the why, the how — and what actions your organization should take — in the new era of security.


The State of Software Supply Chain Security 2024
