Storyline

March 2025 supply chain attacks compromise open source tools and IoT devices

In March 2025, multiple supply chain attacks targeted prominent open source application security organizations and IoT devices. Three organizations—Xygeni, Aqua/Trivy, and Checkmarkx—were compromised via GitHub Actions.

Published 2026-04-11 11:11 UTCUpdated 2026-04-11 14:20 UTC

Current brief openSource links open

This current storyline is open here with summary, metadata, source links, continuity context, and full evidence. Paid is for compare-over-time, alerts, exports, and workflow.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (1 domains)

1 top source shown

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

The Register Security · News · go.theregister.com · 2026-04-11 11:11 UTC

limited source diversity in top sources

View all evidence

Overview

Score total

1.23

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Recent March 2025 incidents show increasing sophistication and scale of supply chain compromises.
The full impact of these attacks is still unfolding, highlighting the urgency for improved supply chain security.
These events underscore the need for continuous monitoring of both software and hardware supply chains.

Why it matters

Supply chain attacks can compromise widely used open source tools and IoT devices, impacting thousands of organizations.
Reused authentication secrets reveal operational security weaknesses exploitable across multiple targets.
Understanding these attacks helps organizations improve defenses and adopt measures like SBOMs to mitigate future risks.

Continuity snapshot

Trend status: insufficient_history.
Continuity stage: emerging_confirmed.
Current status: open.
2 current source-linked posts are attached to this storyline.

All evidence

TP-Link exploitation linked to Supply-Chain Attack

blueteamsec · reddit.com · 2026-04-11 14:20 UTC

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

The Register Security · go.theregister.com · 2026-04-11 11:11 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

blueteamsec (1)
The Register Security (1)

Top origin domains (this list)

reddit.com (1)
go.theregister.com (1)