RL SSCS Report: A 2025 retrospective
ID: edc56292-9092-5f08-8418-a4a3d9181a29
STIX ID: report--edc56292-9092-5f08-8418-a4a3d9181a29
Feed Name: ReversingLabs Blog
ReversingLabs' 2026 Software Supply Chain Security Report reviews 2025 predictions and documents several real-world supply-chain attacks in 2025. These include the NullifAI campaign and malicious PyPI packages that abused Pickle/PyTorch model formats to deliver malware/infostealers, and the Shai-hulud npm worm, which compromised over 1,000 packages and was tied to a Trust Wallet extension hack that resulted in ~$8.5M stolen. The report also examines industry, government, and tooling responses and ongoing gaps in addressing Nth-party and AI/ML-related risks.
