SIGNAL//DESK
cybersrc: NIST SP 800-161

supply chain attack

A supply chain attack is like a criminal sneaking a poisoned ingredient into a trusted food supplier's warehouse so that when you buy your regular groceries, you unknowingly bring the poison into your own home.

A supply chain attack occurs when an adversary compromises a trusted third-party component, software dependency, or update mechanism to gain unauthorized access to a downstream target, bypassing the target's direct perimeter defenses.

A supply chain attack is a vector-based compromise wherein an adversary subverts the integrity of a trusted upstream entity—such as a software dependency, build pipeline, or distribution channel—to inject malicious code or artifacts into a target environment, effectively leveraging the implicit trust established between the vendor and the consumer to facilitate unauthorized access or exfiltration.
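The definitions above place the weakness in the implicit trust between vendor and consumer. The usual defender's response is to make that trust explicit: record a digest of each reviewed dependency and refuse anything that no longer matches. The following is an added example, not part of the glossary entry or of NIST SP 800-161; it assumes a hypothetical lockfile layout (name, pinned version, SHA-256) and constructs its artifacts inline.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample: the "known-good" artifact the consumer reviewed and pinned.
GOOD_ARTIFACT = b"def log(msg):\n    print(msg)\n"
# Constructed sample: the same artifact after an upstream change nobody downstream reviewed.
TAMPERED_ARTIFACT = GOOD_ARTIFACT + b"# bytes appended upstream after the pin was recorded\n"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


# Hypothetical lockfile format (an assumption of this example): name -> pinned version and digest.
# In practice the digest is recorded at review time and committed, never derived from what was just fetched.
PINNED_LOCK = {
    "acme-logger": {"version": "1.4.2", "sha256": sha256_hex(GOOD_ARTIFACT)},
}


@dataclass(frozen=True)
class Verdict:
    name: str
    ok: bool
    reason: str


def verify_artifact(name: str, version: str, payload: bytes, lock: dict) -> Verdict:
    """Decide whether a fetched artifact may be used, trusting only the consumer's own pins."""
    entry = lock.get(name)
    if entry is None:
        return Verdict(name, False, "not pinned: unlisted dependency is refused")
    if entry["version"] != version:
        return Verdict(name, False, f"version drift: pinned {entry['version']}, fetched {version}")
    digest = sha256_hex(payload)
    # Constant-time comparison so the check itself leaks nothing about partial matches.
    if not hmac.compare_digest(digest, entry["sha256"]):
        return Verdict(name, False, "hash mismatch: artifact differs from the reviewed copy")
    return Verdict(name, True, "hash matches the pinned digest")


def verify_all(fetched: list, lock: dict) -> list:
    """Verify every (name, version, payload) tuple; an install proceeds only if all pass."""
    return [verify_artifact(n, v, p, lock) for n, v, p in fetched]


if __name__ == "__main__":
    fetched = [
        ("acme-logger", "1.4.2", GOOD_ARTIFACT),      # matches the pin
        ("acme-logger", "1.4.2", TAMPERED_ARTIFACT),  # same name and version, altered bytes
        ("acme-logger", "1.5.0", GOOD_ARTIFACT),      # version the consumer never reviewed
        ("unknown-pkg", "0.1.0", b""),                # dependency nobody pinned
    ]
    for v in verify_all(fetched, PINNED_LOCK):
        print(f"{'ACCEPT' if v.ok else 'REJECT'} {v.name}: {v.reason}")
```

The check rejects three of the four constructed fetches: an altered payload under an unchanged name and version (the case a compromised update mechanism produces), a version drift, and an unpinned package. Only the artifact whose bytes equal the reviewed copy is accepted, which is the point: the consumer's pin, not the vendor's channel, is what is trusted.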

