Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking.

The global interconnectivity of business, and the systems and software it uses, has elevated the supply chain and supply chain threats to a preeminent cybersecurity concern. A particular issue is that many organizations are unaware of their position within a supply chain and can be victimized through no active fault of their own.

The 2026 supply chain vulnerability report from Black Kite leads with the statement, ‘velocity without visibility is the new supply chain crisis’. Its analysis offers three primary takeaways:

more than 48,000 CVEs were published in 2025

the time to exploitation is now a negative number

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

Other newsrooms on this story

Related reading

Ongoing supply chain attacks worm into SAP npm packages

When convenience becomes a backdoor: The hidden risk in your SaaS stack

Nearly a third of bosses report increase in cyber-attacks on their supply chains

Cybersecurity’s global alarm system is breaking down

Chinese control of lifesaving drugs is a threat to UK security

OpenAI caught in TanStack npm supply chain chaos after employee devices…