AI-Enabled Supply Chain Attacks Surge 156% in 2024
Summary
AI-enabled supply chain attacks have surged 156% in the past year, with sophisticated malware exhibiting polymorphic, context-aware, and semantically camouflaged characteristics. Real-world attacks, such as the 3CX breach affecting 600,000 companies and the NullBulge Group's weaponization of Hugging Face and GitHub repositories, highlight the increasing threat. Traditional security tools struggle against these adaptive threats, necessitating new defensive strategies and regulatory compliance measures. The EU AI Act imposes stringent penalties for violations, emphasizing the need for organizations to adopt AI-aware security measures and implement immediate action plans to mitigate risks.
Timeline
- 11.11.2025 13:58 · 1 article
AI-Enabled Supply Chain Attacks Surge 156% in 2024
- CISO's Expert Guide To AI Supply Chain Attacks — thehackernews.com — 11.11.2025 13:58
Information Snippets
- AI-enabled supply chain attacks increased by 156% in the past year.
  First reported: 11.11.2025 13:58 (1 source, 1 article)
  - CISO's Expert Guide To AI Supply Chain Attacks — thehackernews.com — 11.11.2025 13:58
- AI-generated malware is polymorphic, context-aware, semantically camouflaged, and temporally evasive.
  First reported: 11.11.2025 13:58 (1 source, 1 article)
  - CISO's Expert Guide To AI Supply Chain Attacks — thehackernews.com — 11.11.2025 13:58
- The 3CX breach in 2023 affected 600,000 companies worldwide.
  First reported: 11.11.2025 13:58 (1 source, 1 article)
  - CISO's Expert Guide To AI Supply Chain Attacks — thehackernews.com — 11.11.2025 13:58
- NullBulge Group conducted supply chain attacks on Hugging Face and GitHub, distributing malicious code via Discord webhooks and delivering LockBit ransomware.
  First reported: 11.11.2025 13:58 (1 source, 1 article)
  - CISO's Expert Guide To AI Supply Chain Attacks — thehackernews.com — 11.11.2025 13:58
- The Solana Web3.js Library attack in December 2024 resulted in the theft of $160,000–$190,000 worth of crypto assets.
  First reported: 11.11.2025 13:58 (1 source, 1 article)
  - CISO's Expert Guide To AI Supply Chain Attacks — thehackernews.com — 11.11.2025 13:58
- Wondershare RepairIt vulnerabilities exposed sensitive user data through hardcoded cloud credentials.
  First reported: 11.11.2025 13:58 (1 source, 1 article)
  - CISO's Expert Guide To AI Supply Chain Attacks — thehackernews.com — 11.11.2025 13:58
- IBM's 2025 report shows breaches take an average of 276 days to identify, with AI-assisted attacks potentially extending this window.
  First reported: 11.11.2025 13:58 (1 source, 1 article)
  - CISO's Expert Guide To AI Supply Chain Attacks — thehackernews.com — 11.11.2025 13:58
- The EU AI Act imposes penalties of up to €35 million or 7% of global revenue for serious violations.
  First reported: 11.11.2025 13:58 (1 source, 1 article)
  - CISO's Expert Guide To AI Supply Chain Attacks — thehackernews.com — 11.11.2025 13:58