What is a Supply-Chain Attack?
Compromising a trusted vendor, library, or update mechanism to reach its downstream customers.
Instead of attacking a target directly, adversaries poison a dependency it trusts — a software update (SolarWinds), an open-source package, or a build pipeline. One compromise can cascade to thousands of victims.
Software bills of materials (SBOMs), which inventory the components a build contains, and dependency verification, which checks that each fetched component matches the version and digest that was expected, help defenders detect tampered or unexpected dependencies before they are shipped.
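As an added illustration, not part of the Ciphers Security glossary, the Python script below shows what dependency verification against an SBOM looks like in practice: each fetched artifact is hashed and compared with the digest pinned in the SBOM, and components that are tampered, missing or absent from the SBOM are reported. The component names, versions, artifact bytes and digests are all constructed for the example.

```python
import hashlib
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


# Constructed "known good" artifacts; a real pipeline would hash the
# downloaded package files instead of in-memory byte strings.
GOOD_LIBFOO = b"libfoo 1.2.0 -- constructed artifact bytes"
GOOD_LIBBAR = b"libbar 3.4.1 -- constructed artifact bytes"

# Constructed SBOM: one entry per expected component, with the digest the
# build is allowed to consume. The digests are derived from the constructed
# bytes above, not from any real package.
SBOM: List[Dict[str, str]] = [
    {"name": "libfoo", "version": "1.2.0", "sha256": sha256_hex(GOOD_LIBFOO)},
    {"name": "libbar", "version": "3.4.1", "sha256": sha256_hex(GOOD_LIBBAR)},
]


def verify_dependencies(sbom: List[Dict[str, str]],
                        fetched: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare fetched artifacts against the SBOM's pinned digests.

    Returns four sorted lists:
      verified   - digest matches the SBOM entry
      tampered   - component is in the SBOM but its digest differs
      missing    - component is in the SBOM but was not fetched
      unexpected - component was fetched but has no SBOM entry
    Anything outside 'verified' should fail the build.
    """
    report: Dict[str, List[str]] = {
        "verified": [], "tampered": [], "missing": [], "unexpected": []
    }
    expected = {entry["name"]: entry for entry in sbom}

    for name, entry in expected.items():
        data = fetched.get(name)
        if data is None:
            report["missing"].append(name)
        elif sha256_hex(data) == entry["sha256"]:
            report["verified"].append(name)
        else:
            report["tampered"].append(name)

    # A dependency that never made it into the SBOM is itself a finding:
    # the build is pulling in something nobody inventoried.
    for name in fetched:
        if name not in expected:
            report["unexpected"].append(name)

    for bucket in report.values():
        bucket.sort()
    return report


def sample_report() -> Dict[str, List[str]]:
    """Run the check over a constructed build: libfoo is intact, libbar has
    been altered, and libbaz was pulled in without an SBOM entry."""
    fetched = {
        "libfoo": GOOD_LIBFOO,
        "libbar": b"libbar 3.4.1 -- altered contents (constructed)",
        "libbaz": b"libbaz 0.0.1 -- not in SBOM (constructed)",
    }
    return verify_dependencies(SBOM, fetched)


if __name__ == "__main__":
    for bucket, names in sample_report().items():
        print(f"{bucket:10s} {names}")
```

The same comparison is what lockfile hash pinning in package managers performs automatically; the script makes the decision explicit so the build can be failed on any `tampered`, `missing` or `unexpected` entry rather than on digest mismatches alone.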
Part of the Ciphers Security glossary. Free reference for analysts, defenders & learners.