More than a small kerfuffle. A supply chain attack by a state actor, believed to be China, resulted in undetected malicious code executions from June 2025 to December 2025.