Two new supply-chain attacks come to light in less than a week