Supply chain cyberattacks are bypassing internal defences by exploiting trusted third-party suppliers. From the XZ Utils backdoor to the Marks and Spencer MoveIt breach, recent incidents show how attackers weaponise the supplier network to reach organisations indirectly.