Attackers Optimize Classic Vectors At New Scale

Moshe Siman Tov Bustan of OX warns in 2025 that attackers are optimizing longstanding tactics—supply chain compromises, phishing, and malicious browser extensions—rather than inventing novel vectors. He cites the Shai Hulud NPM and XZ Utils incidents, notes packages with tens of millions of downloads were poisoned, and urges fixes to permissions models, supply-chain verification, and phishing-resistant authentication.
Key Points
- Attackers exploit classic vectors (supply chain, phishing, and extensions) with greater automation and efficiency
- AI has collapsed the barrier to entry, enabling solo operators to scale supply-chain attacks quickly
- Prioritize permissions models, supply-chain verification, and phishing-resistant authentication by default
Scoring Rationale
Strong industry-wide relevance and actionable mitigations, limited by single-source contributed analysis rather than broad empirical study.

