Supply Chain Attacks Quadruple as Cybercriminals Exploit Trusted Third Parties
Over the past five years, supply chain and third-party breaches have surged, with incidents increasing fourfold, according to IBM’s X-Force Threat Intelligence Index 2026. Attackers are shifting tactics: rather than confronting a target’s own defenses, they compromise the interconnected systems it trusts (vendors, open-source dependencies, CI/CD pipelines, and cloud interfaces) to gain indirect access to customer environments. The recent attacks on Salesloft and Drift, where stolen OAuth tokens issued to the integration granted access to customers’ Salesforce environments, show how a breach of one trusted partner cascades across many organizations.
The report reveals a 44% year-over-year rise in exploitation of public-facing applications, driven by vulnerabilities, misconfigurations, and supply chain attacks on development ecosystems. Despite advances in AI-driven security tooling, 56% of the nearly 40,000 vulnerabilities tracked in 2025 required no authentication to exploit, underscoring persistent gaps in basic security hygiene; experts attribute those gaps to inconsistent implementation of foundational controls at scale.
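The 56% figure is a measure a team can reproduce against its own vulnerability findings, and it points at the patching order that follows from it. Below is an added example (not IBM or X-Force code) that parses CVSS v3.x vector strings, computes the share of findings exploitable without authentication (PR:N), and ranks patching so that internet-facing, unauthenticated, network-reachable flaws come first. The CVSS vector syntax is the published v3.0/v3.1 format; the finding IDs, asset names and scores are constructed sample data.

```python
"""Patch triage by the two attributes the report singles out: whether a
vulnerability needs no authentication (CVSS PR:N) and whether it is reachable
over the network (CVSS AV:N), with internet-facing assets ranked first.

Added example for this page, not IBM or X-Force code. The vector syntax is
CVSS v3.0/3.1 as published by FIRST; the findings below are constructed
sample data (placeholder IDs, hypothetical asset names), not real scan output.
"""
from dataclasses import dataclass

BASE_METRICS = ("AV", "AC", "PR", "UI", "S", "C", "I", "A")


@dataclass(frozen=True)
class Finding:
    finding_id: str
    asset: str
    internet_facing: bool
    cvss_vector: str
    base_score: float


def parse_cvss_vector(vector: str) -> dict:
    """Split 'CVSS:3.1/AV:N/AC:L/PR:N/...' into {'AV': 'N', 'AC': 'L', ...}.

    Accepts v3.0 and v3.1 only; v2 and v4 vectors use different metric sets
    and are rejected rather than silently misread.
    """
    head, *parts = vector.strip().split("/")
    if head not in ("CVSS:3.0", "CVSS:3.1"):
        raise ValueError(f"unsupported CVSS vector prefix: {head!r}")
    metrics = {}
    for part in parts:
        key, sep, value = part.partition(":")
        if not sep or not key or not value:
            raise ValueError(f"malformed metric {part!r}")
        metrics[key] = value
    missing = [m for m in BASE_METRICS if m not in metrics]
    if missing:
        raise ValueError(f"vector lacks base metrics {missing}")
    return metrics


def needs_no_auth(vector: str) -> bool:
    """True when the vector says no privileges are required (PR:N)."""
    return parse_cvss_vector(vector)["PR"] == "N"


def is_unauthenticated_remote(vector: str) -> bool:
    """True for the worst case: no auth needed and reachable over the network."""
    m = parse_cvss_vector(vector)
    return m["PR"] == "N" and m["AV"] == "N"


def unauthenticated_share(findings) -> float:
    """Fraction of findings exploitable without authentication, the same
    measure the report gives as 56% of vulnerabilities tracked in 2025."""
    if not findings:
        return 0.0
    return sum(needs_no_auth(f.cvss_vector) for f in findings) / len(findings)


def prioritize(findings):
    """Order for patching: internet-facing unauthenticated-remote first, then
    any unauthenticated-remote, then everything else, each by score."""
    def key(f):
        unauth_remote = is_unauthenticated_remote(f.cvss_vector)
        return (
            not (unauth_remote and f.internet_facing),
            not unauth_remote,
            -f.base_score,
        )
    return sorted(findings, key=key)


# Constructed sample findings (not real CVEs); the scores match the vectors.
SAMPLE_FINDINGS = [
    Finding("F1", "edge-portal", True, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 9.8),
    Finding("F2", "intranet-wiki", False, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 9.8),
    Finding("F3", "edge-api", True, "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 8.8),
    Finding("F4", "build-runner", True, "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", 7.8),
    Finding("F5", "hr-db", False, "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", 7.2),
]

if __name__ == "__main__":
    print(f"no-auth share: {unauthenticated_share(SAMPLE_FINDINGS):.0%}")
    for f in prioritize(SAMPLE_FINDINGS):
        print(f.finding_id, f.asset, f.cvss_vector, f.base_score)
```

The sort key deliberately puts an internet-facing 9.8 ahead of an internal 9.8, and a local-only PR:N flaw (F4) behind a remote authenticated one (F3): "no authentication" only matters for initial access when the attacker can reach the service, which is why the ranking reads AV together with PR rather than score alone.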
North America became the most targeted region in 2025, accounting for 29% of X-Force incident response cases (up from 24% in 2024), while Asia Pacific’s share dropped from 34% to 27%. The shift reflects North America’s central role in global supply chains, where a single compromise can provide downstream access to multiple partners. Meanwhile, stronger identity controls and network segmentation in parts of Asia Pacific appear to be raising the cost of attacks there, pushing adversaries toward easier targets.
AI tools are creating new attack surfaces: over 300,000 ChatGPT credentials were found for sale on the dark web in 2025, and open-source AI agent platforms such as OpenClaw have emerged as security risks because the broad data access they require gives a compromised agent insider-like reach. Infostealer malware targeting AI chatbot credentials is an escalating concern, with attackers also using AI-assisted phishing to harvest credentials at scale.
To mitigate these risks, experts emphasize two parallel priorities: rapid patching of unauthenticated flaws to cut off initial access, and identity hardening (phishing-resistant MFA, least-privilege access, and continuous authentication monitoring) to limit lateral movement once a credential or token is stolen. Organizations also face a strategic choice: vertically integrate the supply chain to control every component, or accept ecosystem complexity and invest in detection and response. Transparency alone is not a solution, since many organizations lack the expertise to act on the visibility it provides.
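The Salesloft/Drift case described at the top of the page and the "continuous authentication monitoring" recommendation here meet in one concrete check: an OAuth token that was legitimately issued to a SaaS integration is later replayed from infrastructure the integration never uses, and then spent on a bulk data pull. The following is an added example (not Salesforce, Salesloft or IBM code) of detection logic over API events that carry a token identifier. The event shape, the KNOWN_CLIENTS profile, the export threshold and the log lines are all assumptions constructed for the example; the IP addresses are RFC 5737 documentation ranges.

```python
"""Detection for the token-theft pattern described above: an OAuth token that
was legitimately issued to a SaaS integration is replayed from somewhere else
and then used to pull data in bulk. The checks cover continuous authentication
monitoring (is this token used the way its owner uses it?) and a blast-radius
limit (how much may one token export before someone looks?).

Added example for this page, not Salesforce, Salesloft or IBM code. The event
shape (token_id, client_id, ts, ip, user_agent, rows), the KNOWN_CLIENTS
profile and the thresholds are assumptions; the events are constructed sample
log lines, not real telemetry. Addresses come from RFC 5737 documentation
ranges.
"""
import ipaddress
from collections import defaultdict

# Assumed integration profiles: where each connected app really calls from
# and how it identifies itself. A token for that app seen elsewhere is suspect.
KNOWN_CLIENTS = {
    "drift-connector": {
        "egress": [ipaddress.ip_network("198.51.100.0/24")],
        "ua_prefix": "DriftSync/",
    },
}
BULK_ROWS_THRESHOLD = 100_000  # assumed rows one token may export per day


def _alert(event, rule):
    return {"token_id": event["token_id"], "rule": rule,
            "ip": event["ip"], "ts": event["ts"]}


def _from_known_egress(profile, ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in profile["egress"])


def detect_token_misuse(events, bulk_threshold=BULK_ROWS_THRESHOLD):
    """Return alerts for: tokens of unregistered apps, use from outside the
    app's known egress, a foreign user agent, and per-token daily export
    volume over the threshold (raised once per token and day)."""
    alerts = []
    rows_today = defaultdict(int)
    bulk_flagged = set()
    for e in sorted(events, key=lambda ev: ev["ts"]):  # ISO-8601 sorts as text
        profile = KNOWN_CLIENTS.get(e["client_id"])
        if profile is None:
            alerts.append(_alert(e, "unregistered_client"))
            continue
        if not _from_known_egress(profile, e["ip"]):
            alerts.append(_alert(e, "unknown_egress"))
        if not e["user_agent"].startswith(profile["ua_prefix"]):
            alerts.append(_alert(e, "foreign_user_agent"))
        day_key = (e["token_id"], e["ts"][:10])
        rows_today[day_key] += e.get("rows", 0)
        if rows_today[day_key] > bulk_threshold and day_key not in bulk_flagged:
            bulk_flagged.add(day_key)
            alerts.append(_alert(e, "bulk_export"))
    return alerts


def tokens_to_revoke(alerts):
    """Every token that triggered any rule: revoke first, investigate second."""
    return sorted({a["token_id"] for a in alerts})


# Constructed sample events: two normal syncs, then the same token replayed
# from an unrelated host with a generic HTTP client and a bulk pull; a second
# token reused from the same host at low volume.
SAMPLE_EVENTS = [
    {"token_id": "T1", "client_id": "drift-connector", "ts": "2025-01-15T09:14:00Z",
     "ip": "198.51.100.7", "user_agent": "DriftSync/3.2", "rows": 500},
    {"token_id": "T1", "client_id": "drift-connector", "ts": "2025-01-15T09:44:00Z",
     "ip": "198.51.100.7", "user_agent": "DriftSync/3.2", "rows": 800},
    {"token_id": "T1", "client_id": "drift-connector", "ts": "2025-01-15T23:05:00Z",
     "ip": "203.0.113.45", "user_agent": "python-requests/2.31", "rows": 250_000},
    {"token_id": "T2", "client_id": "drift-connector", "ts": "2025-01-16T08:00:00Z",
     "ip": "198.51.100.9", "user_agent": "DriftSync/3.2", "rows": 200},
    {"token_id": "T2", "client_id": "drift-connector", "ts": "2025-01-16T08:30:00Z",
     "ip": "203.0.113.45", "user_agent": "python-requests/2.31", "rows": 1_000},
]

if __name__ == "__main__":
    found = detect_token_misuse(SAMPLE_EVENTS)
    for a in found:
        print(a["ts"], a["token_id"], a["rule"], a["ip"])
    print("revoke:", tokens_to_revoke(found))
```

The egress and user-agent rules catch the replay before any data moves; the bulk rule is the backstop for a token whose thief bothered to mimic the integration. Both only work if the platform logs which token (not just which user) made each call, which is the logging requirement to check with the SaaS provider before relying on this.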
The report concludes that while sophisticated threats exist, most breaches stem from preventable gaps: valid credentials, unpatched vulnerabilities, and poor asset management. As one analyst noted, attackers “don’t need zero-days; they just need valid credentials and patience.” The trend underscores that security hygiene remains the first line of defense, even in an era of AI-driven threats.
Source: https://www.ibm.com/think/insights/more-2026-cyberthreat-trends
Salesloft cybersecurity rating report: https://www.rankiteo.com/company/salesloft
"id": "SAL1773146582",
"linkid": "salesloft",
"type": "Cyber Attack",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Software/SaaS',
'name': 'Salesloft',
'type': 'Third-party vendor'},
{'industry': 'Software/SaaS',
'name': 'Drift',
'type': 'Third-party vendor'},
{'industry': 'Various',
'location': 'North America (29% of cases), Asia '
'Pacific (27% of cases)',
'type': 'Organizations using Salesforce'}],
'attack_vector': ['Compromised OAuth tokens',
'Exploited vulnerabilities in public-facing applications',
'Misconfigurations',
'Open-source dependencies',
'CI/CD pipelines',
'Cloud interfaces'],
'data_breach': {'data_exfiltration': ['Yes (data sold on dark web)'],
'number_of_records_exposed': ['Over 300,000 ChatGPT '
'credentials found on dark web'],
'personally_identifiable_information': ['Credentials',
'Potentially PII from '
'compromised '
'environments'],
'sensitivity_of_data': ['High (credentials, PII, access '
'tokens)'],
'type_of_data_compromised': ['OAuth tokens',
'Credentials',
'Customer environment data']},
'description': 'Over the past five years, supply chain and third-party '
'breaches have surged, with incidents increasing fourfold. '
'Attackers are targeting interconnected systems vendors, '
'open-source dependencies, CI/CD pipelines, and cloud '
'interfaces to gain indirect access to customer environments. '
'Recent attacks on platforms like Salesloft and Drift, where '
'compromised OAuth tokens enabled access to Salesforce '
'environments, highlight cascading breaches across '
'organizations.',
'impact': {'data_compromised': ['OAuth tokens',
'Credentials (e.g., ChatGPT credentials)',
'Customer environments data'],
'identity_theft_risk': ['High (due to compromised credentials and '
'PII)'],
'operational_impact': ['Cascading breaches across interconnected '
'organizations',
'Lateral movement within compromised '
'environments'],
'systems_affected': ['Salesforce environments',
'Third-party platforms (e.g., Salesloft, '
'Drift)',
'AI agent platforms (e.g., OpenClaw)',
'CI/CD pipelines',
'Cloud interfaces']},
'initial_access_broker': {'data_sold_on_dark_web': ['Over 300,000 ChatGPT '
'credentials'],
'entry_point': ['Compromised third-party vendors',
'Public-facing applications',
'Open-source dependencies'],
'high_value_targets': ['Salesforce environments',
'AI agent platforms']},
'lessons_learned': 'Most breaches stem from preventable gaps such as valid '
'credentials, unpatched vulnerabilities, and poor asset '
'management. Attackers leverage basic tactics like '
'credential harvesting and exploitation of unauthenticated '
'flaws rather than zero-days. Cybersecurity hygiene '
'remains the first line of defense.',
'motivation': ['Financial gain', 'Data exfiltration', 'Credential harvesting'],
'post_incident_analysis': {'corrective_actions': ['Rapid patching of '
'unauthenticated flaws',
'Identity hardening '
'(phishing-resistant MFA, '
'least-privilege access)',
'Network segmentation',
'Enhanced monitoring of '
'third-party vendors',
'Improved cybersecurity '
'hygiene and asset '
'management'],
'root_causes': ['Unauthenticated vulnerabilities '
'(56% of tracked vulnerabilities '
'in 2025)',
'Misconfigurations',
'Poor asset management',
'Inconsistent implementation of '
'foundational cybersecurity '
'controls',
'Over-reliance on third-party '
'vendors without adequate security '
'oversight']},
'recommendations': ['Rapid patching of unauthenticated flaws to reduce '
'initial access risks',
'Identity hardening (phishing-resistant MFA, '
'least-privilege access, continuous authentication '
'monitoring)',
'Network segmentation to limit lateral movement',
'Enhanced monitoring of third-party vendors and supply '
'chain dependencies',
'Strategic choice between vertical integration of supply '
'chains or improved detection and response capabilities',
'Improved asset management and basic cybersecurity '
'hygiene'],
'references': [{'source': 'IBM X-Force Threat Intelligence Index 2026'}],
'response': {'network_segmentation': ['Implemented in parts of Asia Pacific'],
'remediation_measures': ['Rapid patching of unauthenticated '
'flaws',
'Identity hardening (phishing-resistant '
'MFA, least-privilege access, '
'continuous authentication '
'monitoring)']},
'title': 'Supply Chain Attacks Quadruple as Cybercriminals Exploit Trusted '
'Third Parties',
'type': ['Supply Chain Attack', 'Third-Party Breach'],
'vulnerability_exploited': ['Unauthenticated vulnerabilities (56% of tracked '
'vulnerabilities in 2025)',
'Misconfigurations']}