Security

What is a threat actor, and how can this actor take advantage of open source or third-party vendors' packages/libraries?

Difficulty: unrated

Source: bregman-arie/devops-exercises by Arie Bregman

Answer

Wikipedia: A threat actor is one or more people who target technical artifacts such as software, networks and/or devices with the purpose of harming them.

Aquasec: An attacking actor may identify, target and inject malicious software in a vulnerable part of an open source package or a third-party vendor’s code. The consumer of this code may consequently and unknowingly deploy the malicious code throughout their pipelines, thus infecting their own projects. An example of this happening is the hack of SolarWinds.