A supply chain attack is a cyberattack that targets the trusted systems, tools, or processes used by organizations to develop, build, or distribute software and hardware. Instead of attacking a company directly, cybercriminals compromise third-party vendors or service providers, injecting malicious code or vulnerabilities into products before they reach end users. This method can affect many organizations at once, as compromised updates or components are widely distributed, making detection and mitigation challenging. Recent high-profile incidents have shown how supply chain attacks can have widespread and severe consequences.