Signal
March 2025 supply chain attacks compromise open source tools and IoT devices
Published 2026-04-11 11:11 UTC · Updated 2026-04-11 14:20 UTC
reddit, rss
cve, exploits, supply_chain, malware, threat_actors, incident_response
Evidence trail (top sources)
Top sources (1 domain). Domains are deduped. Counts indicate coverage, not truth. 1 top source shown.
limited source diversity in top sources
Overview
In March 2025, multiple supply chain attacks targeted prominent open source application security organizations and IoT devices. Three organizations (Xygeni, Aqua/Trivy, and Checkmarx) were compromised via GitHub Actions.
Entities
Xygeni, Aqua, Trivy, Checkmarx, TP-Link, ASUS, GitHub Actions
- Score total: 1.23
- Momentum 24h: 2
- Posts: 2
- Origins: 2
- Source types: 2
- Duplicate ratio: 0%
Why now
- Recent March 2025 incidents show increasing sophistication and scale of supply chain compromises.
- The full impact of these attacks is still unfolding, highlighting the urgency for improved supply chain security.
- These events underscore the need for continuous monitoring of both software and hardware supply chains.
Why it matters
- Supply chain attacks can compromise widely used open source tools and IoT devices, impacting thousands of organizations.
- Reused authentication secrets reveal operational security weaknesses exploitable across multiple targets.
- Understanding these attacks helps organizations improve defenses and adopt measures like SBOMs to mitigate future risks.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: medium
Recurring claims
- Supply chain attacks compromised multiple open source application security organizations via GitHub Actions in March 2025.
- Threat actors exploited TP-Link, ASUS, and other IoT devices to build residential SOCKS proxy networks using reused authentication secrets.
How sources frame it
- Blueteamsec Reddit Post: neutral
- The Register Security: neutral
Consolidated multiple sources to highlight the link between open source supply chain compromises and IoT exploitation in March 2025.
All evidence
TP-Link exploitation linked to Supply-Chain Attack
blueteamsec · reddit.com · 2026-04-11 14:20 UTC
Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
The Register Security · go.theregister.com · 2026-04-11 11:11 UTC
Top publishers (this list)
- blueteamsec (1)
- The Register Security (1)
Top origin domains (this list)
- reddit.com (1)
- go.theregister.com (1)