Software supply chain intrusions reached an unprecedented peak in October, surpassing previous monthly records by more than 30%, according to new research.

Cyble revealed in a blog post that threat actors on dark-web leak forums claimed 41 supply chain attacks in October—10 more than the earlier high recorded in April 2025. The report notes that supply chain incidents have more than doubled since April, with an average of 28 attacks per month, compared to the monthly average of 13 from early 2024 through March 2025. Cyble attributed the escalation to multiple factors.

The sharp rise has been fueled primarily by a “combination of critical and zero-day IT vulnerabilities and threat actors actively targeting SaaS and IT service providers,” Cyble wrote, adding that “the sustained increase suggests that the risk of supply chain attacks may remain elevated going forward.”

Additional contributors include cloud-security weaknesses and AI-powered phishing campaigns, with vishing also playing an important role in recent Scattered LAPSUS$ Hunters attacks on Salesforce environments.

All 24 industries monitored by Cyble experienced at least one supply chain breach this year, but IT and IT services firms were hit disproportionately. These organizations remain attractive to attackers due to their broad customer ecosystems and valuable access points. Cyble reported 107 supply chain attacks targeting IT companies so far this year—over three times more than those seen in financial services, transportation, technology, or government sectors.

Ransomware operations remain a major driver of this surge. Groups such as Qilin and Akira, which Cyble identified as the most active this year, have also carried out “an above-average share of supply chain attacks.”

Akira recently targeted a major open-source initiative, stealing 23GB of sensitive data including internal reports, confidential files, and issue-tracking information. Both Akira and Qilin have also compromised multiple IT providers serving high-risk verticals such as government, defense, intelligence, law enforcement, healthcare, energy, and finance. In one case, Qilin claimed to have obtained source code for proprietary tools used across public safety and security organizations.

Another Qilin incident involved breaching customers of a U.S. cybersecurity and cloud provider through “clear-text credentials stored in Word and Excel documents hosted on the company’s systems.”

A newer threat actor, Kyber, leaked more than 141GB of internal builds, databases, project files, and backups allegedly taken from a major U.S. aerospace and defense contractor specializing in communication and electronic warfare technologies.

Other notable October events included the Cl0p ransomware group's exploitation of Oracle E-Business Suite vulnerabilities and a breach involving Red Hat GitLab.

Cyble emphasized that mitigating supply chain threats is difficult because organizations inherently trust their vendors and partners. The firm stressed that security audits and third-party risk evaluations should become routine practice.

The researchers highlighted that the “most effective place to control software supply chain risks is in the continuous integration and development (CI/CD) process,” and advised that organizations thoroughly vet suppliers and enforce strong security requirements within contracts to strengthen third-party protection.