Broader threat trends surge

A recent cyber‑intel summary reports a marked rise in supply‑chain attacks, browser‑extension malware spikes, Iranian targeting of ICS/OT devices, and remote‑code‑execution issues in SAP. The summary also flags increasing third‑party risks and mentions concerns about quantum threats to cryptographic systems. (x.com)

Cyberattacks are spreading through suppliers, browser add-ons, factory-control gear, and business software at the same time. (enisa.europa.eu) The European Union Agency for Cybersecurity said its 2025 threat landscape review covered 4,875 incidents from July 1, 2024, to June 30, 2025, and highlighted supply-chain compromise as a prominent tactic in attacks on digital infrastructure. (enisa.europa.eu) A supply-chain attack hits a vendor first and customers second, like poisoning a shared water line instead of breaking into one house. ReversingLabs said 2025 marked a turning point as software supply chains became a primary attack surface for both criminal and state-backed actors. (reversinglabs.com)

Browser extensions are small third-party programs that can read and change what a user sees in the browser, which gives them unusual access to logins, pages, and session cookies. A 2025 arXiv study said researchers were able to bypass Chrome and Firefox review controls and publish malicious extensions in controlled tests. (arxiv.org) That risk is showing up in live cases. Cybernews reported on April 14, 2026, that Socket researchers identified 108 malicious Chrome extensions tied to one operator and said the campaign stole data and session tokens from thousands of users. (cybernews.com)

Operational technology is the hardware and software that runs physical processes such as pumps, valves, conveyors, and power equipment. On April 7, 2026, the Cybersecurity and Infrastructure Security Agency said Iran-affiliated actors were exploiting internet-facing programmable logic controllers across several United States critical-infrastructure sectors. (cisa.gov) The advisory said the activity disrupted Rockwell Automation and Allen-Bradley programmable logic controllers by manipulating project files and data shown on human-machine interface and supervisory control and data acquisition screens, causing operational disruption and financial loss. (cisa.gov)

Business software is part of the same picture because a remote-code-execution flaw lets an outsider run commands on a server from across the internet. The National Vulnerability Database says CVE-2025-31324 in SAP NetWeaver Visual Composer allowed unauthenticated file upload, carried a critical score of 9.8 from the National Institute of Standards and Technology, and was added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog on April 29, 2025. (nvd.nist.gov) SAP’s January 2026 Security Patch Day bulletin shows the pressure has not eased: it listed a 9.6 remote-code-execution flaw in SAP Wily Introscope Enterprise Manager and several other critical issues in SAP S/4HANA and related products. (support.sap.com)

The third-party problem sits underneath all of this, because vendors, contractors, cloud tools, and open-source packages often hold the keys to many networks at once. The Government Accountability Office said in June 2025 that federal strategy now centers on replacing today’s cryptography with post-quantum cryptography that can resist future quantum attacks. (gao.gov) The National Institute of Standards and Technology says organizations should begin migrating now to quantum-resistant cryptography and plans to deprecate vulnerable algorithms by 2035, with high-risk systems moving earlier. The thread running through these warnings is simple: one weak dependency can now reach an entire fleet. (csrc.nist.gov)
