Each domain in the supply chain is a target for a hacker. If they can compromise servers hosting or routing advertising, they have a large pool of potential victims - a much more effective attack surface than hacking a single website.