Third-party cyber threats are not new, but they are growing rapidly in sophistication and impact, with vendors, contractors and cloud services now implicated in 30 percent of all data breaches according to Verizon’s 2025 Data Breach Investigations Report — double the 15 percent figure from a year earlier. In September, a self-replicating worm dubbed Shai-Hulud emerged as one of the first successful worm-driven supply chain attacks targeting open-source software, compromising more than 500 packages. After establishing initial access and deploying its payload, Shai-Hulud actively scanned for sensitive credentials including GitHub Personal Access Tokens (PATs) and API keys for cloud services such as Amazon Web Services, Google Cloud Platform and Microsoft Azure.
The incident illustrates how the expanding presence of highly interconnected vendors, contractors and software-as-a-service (SaaS) platforms inside supply chains is contributing to a sharp rise in breach activity. Vendors — whether they enforce security effectively or not — frequently hold direct access to the core systems of their customers and partners, and attackers will always look to exploit the weakest link. The problem is compounded by the rise of shadow IT, where business units and individual users adopt external tools outside the visibility or approval of central IT.
Together, these dynamics produce a domino effect: a single weak link cascades through layered vulnerabilities across a network of trusted partners, often becoming entrenched before security teams even realize the first domino has fallen. Attackers commonly gain initial access through five recurring blind spots, including bypassing multi-factor authentication (MFA), abusing stale API keys, exploiting the lack of redundant access paths, and taking advantage of undocumented protocols.
From a supply chain standpoint, the foundation of defense is rigorous vendor inventory, real-time access monitoring, least-privilege enforcement, scheduled credential rotation, and mandatory SBOM (Software Bill of Materials) governance. Managing open-source dependencies through signed packages, automated scanning, and a zero trust architecture is essential to limit the spread of worms such as Shai-Hulud. Preparing today for AI-enabled attack scenarios is no longer optional — it is a structural requirement to keep tomorrow’s domino effect contained.
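One way to put the SBOM governance described above to work when a worm such as Shai-Hulud compromises published packages is to check every component in an SBOM, nested ones included, against an advisory list. This is an added example, not code from the report or from any vendor; it assumes a CycloneDX-style JSON SBOM, and the package names, versions and advisory entries are constructed placeholders.

```python
import json

# Constructed advisory list of compromised package versions, as package URLs
# (purl). Placeholder names and versions, not real indicators.
COMPROMISED = {
    "pkg:npm/example-color-utils@4.1.2",
    "pkg:npm/%40example-scope/http-helper@2.0.1",
}

# Constructed CycloneDX-style SBOM: one clean version of a package that has a
# bad release, one nested (transitive) hit, and one component without a purl.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"name": "example-color-utils", "version": "4.1.1",
     "purl": "pkg:npm/example-color-utils@4.1.1"},
    {"name": "example-build-tool", "version": "1.0.0",
     "purl": "pkg:npm/example-build-tool@1.0.0",
     "components": [
       {"name": "http-helper", "version": "2.0.1",
        "purl": "pkg:npm/%40example-scope/http-helper@2.0.1?checksum=sha256:00"}]},
    {"name": "example-internal-lib", "version": "0.3.0"}
  ]
}"""

def normalize_purl(purl):
    """Drop qualifiers (?...) and subpath (#...) so type/name@version is compared."""
    return purl.split("#", 1)[0].split("?", 1)[0]

def walk_components(components, parent="(root)"):
    """Yield (component, parent_name) for every component, including nested ones."""
    for comp in components or []:
        yield comp, parent
        yield from walk_components(comp.get("components"), comp.get("name", "?"))

def audit_sbom(sbom, advisory):
    """Return (hits, unverified): advisory matches and components lacking a purl."""
    advisory = {normalize_purl(p) for p in advisory}
    hits, unverified = [], []
    for comp, parent in walk_components(sbom.get("components")):
        purl = comp.get("purl")
        if not purl:
            unverified.append(comp.get("name", "?"))  # cannot be matched; review manually
        elif normalize_purl(purl) in advisory:
            hits.append((normalize_purl(purl), parent))
    return hits, unverified

if __name__ == "__main__":
    print(audit_sbom(json.loads(SBOM_JSON), COMPROMISED))
```

Components reported as unverified carry no package URL, so an SBOM policy that requires a purl on every entry is what makes this check complete.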