Mackenzie Jackson
Mackenzie Jackson grew up in a traveling circus in New Zealand (yes, really) and traded juggling fire for something even more dangerous: application security. At Aikido Security, he helps developers understand how hackers actually break things. He’s a former founder and CTO, has spoken in 30+ countries, hosts The Disclosure Podcast, and still insists New Zealand makes the best coffee.
Session
In 2026, we saw a sharp increase in large-scale, professional, and highly sophisticated software supply chain attacks. The Aikido Security research team was the first to uncover multiple major incidents, including the Shai-Hulud self-propagating worm, the largest mass compromise of npm packages involving debug and chalk, and even the compromise of an official XRP cryptocurrency SDK. These weren’t isolated mistakes; they signaled a fundamental shift in how supply chain attacks are designed and scaled. In this talk, we break down what these real-world discoveries revealed about modern attacker tradecraft: how worms spread, why tokens are the real target, and how trust is systematically exploited across registries, repositories, IDE extensions, and CI pipelines. Together, these cases show how supply chain attacks have become industrialized, and why the ecosystem is struggling to keep up.