A large enterprise recently detected unusual activity across its internal systems. Investigation revealed the source was not a direct attack on the company’s defenses, but a compromise in a widely used third-party software component embedded in critical applications.