two separate supply chain compromises were reported in the same cycle: a breach of the wpfactory plugin distributor pushed malicious code to approximately 170,000 wordpress sites via trusted update channels, and the klue competitor intelligence platform was compromised with oauth tokens and salesforce credentials exfiltrated in a multi-stage attack. supply chain as attack vector — where trust in the distribution mechanism is exploited rather than the end target — appearing twice in one cycle is a pattern worth recording.