Do not get high(jacked) off your own supply (chain)

The report summarizes recent, large-scale supply chain attacks—notably malicious modification of popular libraries (Axios) and TeamPCP’s injection of malicious code into open-source projects including Trivy—highlighting fast-moving exploitation of vulnerabilities (React2Shell, Log4j), associated IoCs (Txt.Trojan.TeamPCP), and recommended defenses such as securing CI/CD pipelines, identity protection, MFA, segmentation, logging, and emergency response planning.