{"id":178467,"date":"2026-01-15T03:40:07","date_gmt":"2026-01-15T08:40:07","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/15\/five-key-flaws-exploited-in-2025s-software-supply-chain-incidents\/"},"modified":"2026-01-15T03:40:11","modified_gmt":"2026-01-15T08:40:11","slug":"five-key-flaws-exploited-in-2025s-software-supply-chain-incidents","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/15\/five-key-flaws-exploited-in-2025s-software-supply-chain-incidents\/","title":{"rendered":"Five Key Flaws Exploited in 2025\u2019s Software Supply Chain Incidents"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news-features\/five-flaws-exploited-2025-software\/\">Five Key Flaws Exploited in 2025\u2019s Software Supply Chain Incidents<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news-features\/five-flaws-exploited-2025-software\/\">https:\/\/www.infosecurity-magazine.com\/news-features\/five-flaws-exploited-2025-software\/<\/a><\/p>\n<p>Publish Date: 2026-01-12 23:30:14<\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>In 2025, the number of Common Vulnerabilities and Exposures (CVE) reports hit a new record, with nearly 46,000 disclosed vulnerabilities marking a significant increase from the previous year. According to cybersecurity experts, this surge, which averaged 130.4 reports per day, signals a major security concern. Despite a decrease in critical and high-severity reports compared to the previous year, the overall volume of vulnerabilities and the notable exploits indicate a substantial number of significant threats. 
The article highlights five major software supply chain incidents that had a pivotal effect on organizations\u2019 security architectures and strategic frameworks in 2025: the React2Shell vulnerability, the Shai Hulud 2.0 supply chain attack, Clop\u2019s exploitation of Oracle E-Business Suite, the ToolShell attacks on on-premises SharePoint servers, and the recurrence of a high-severity Citrix Bleed vulnerability.<\/p>\n<p>Key Points:<br \/>\n&#8211; 2025 saw 45,777 CVEs reported, a 19% increase over 2024.<br \/>\n&#8211; Significant incidents include React2Shell, affecting React server components, and Shai Hulud 2.0, impacting numerous npm packages.<br \/>\n&#8211; Exploitation of Oracle E-Business Suite by Clop led to data extraction from several large enterprises.<br \/>\n&#8211; ToolShell exploited SharePoint vulnerabilities, targeting the government and healthcare sectors.<br \/>\n&#8211; CitrixBleed 2, similar to the previous CitrixBleed flaw, affected NetScaler devices, allowing attackers to bypass authentication.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Five Key Flaws Exploited in 2025\u2019s Software Supply Chain Incidents https:\/\/www.infosecurity-magazine.com\/news-features\/five-flaws-exploited-2025-software\/ Publish Date: 2026-01-12 
23:30:14&#8230;<\/p>\n","protected":false},"author":1,"featured_media":178469,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/04e30a48-b1f9-47bb-9d7a-9b95dc3305b6.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-178467","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/178467"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=178467"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/178467\/revisions"}],"predecessor-version":[{"id":178471,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/178467\/revisions\/178471"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/178469"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=178467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=178467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=178467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}