Software Supply Chain
The latest Software Supply Chain coverage — news, analysis, and updates from the WindowsNews.AI desk.
npm Supply Chain Attacks Target Windows Builds: Microsoft to Expose Tactics at Black Hat
Microsoft security researchers will disclose new intelligence on ongoing npm supply-chain attacks that have been actively targeting software ecosystems and developer workflows, the company said...
Eden Emulator Exits GitHub After Nintendo DMCA: Your Guide to Safe Self-Hosted Updates
The Eden Nintendo Switch emulator pulled its releases from GitHub in February 2026 after Nintendo filed DMCA takedown notices targeting its repositories, forcing the project to distribute future...
Ex-GitHub CEO Thomas Dohmke Takes on Centralized Git with Entire's New Distributed Network
Thomas Dohmke, the former CEO of Microsoft-owned GitHub, just opened the waitlist for Entire—a startup aiming to upend how developers host and share code. On July 8, 2026, the company began...
Critical Mendix Studio Pro Vulnerability Allows Code Execution via Malicious Project Files
Siemens and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory on July 7, 2026, confirming a critical remote code execution (RCE) flaw in Mendix Studio Pro. The...
Hidden Open-Source Code in AI-Generated Software Poses Legal 'Vibe Coding' Threat, Lawyers Warn
Businesses embracing AI-assisted coding are unknowingly exposing themselves to open-source license violations and intellectual property risks, a new legal analysis from U.K. law firm Trethowans...
SonarQube Now Scans AI-Written Code Across Copilot, Claude Code, and More
SonarSource has rolled out a suite of SonarQube plugins that inject static analysis directly into the workflow of popular AI coding agents, ensuring that code generated by tools like GitHub Copilot,...
Microsoft’s Python Dependency Remediation AI Cuts Hours-Long Fixes to Minutes, Now Open to All
Microsoft has begun externalizing an AI-powered Visual Studio Code extension born from a grassroots hackathon, one designed to attack one of software engineering’s most unloved chores: cleaning up...
CVE-2026-34182: OpenSSL Flaw Enables CMS Forgery Attacks, Windows Users Urged to Patch
A severe vulnerability in the OpenSSL cryptographic library surfaced on June 9, 2026, enabling attackers to forge authenticated encrypted messages in the Cryptographic Message Syntax (CMS)...
CVE-2026-45644: Live Share SDK Flaw Shows Why Patches Must Extend to Extensions
CVE-2026-45644, an elevation-of-privilege flaw in Microsoft's Live Share Canvas SDK, landed in the June 2026 Patch Tuesday bundle. The vulnerability, rated Important by Microsoft, allows an attacker...
Miasma worm exploited AI agents to hijack 73 Microsoft repos via GitHub on June 5, 2026.
A new class of software supply chain attack has emerged, exploiting the very AI coding agents developers rely on to boost productivity. Dubbed the Miasma worm, this campaign—first observed in early...
GitHub Disables 73 Microsoft Repos After Malicious Commit via 'Miasma' AI Workspace
GitHub has taken the unprecedented step of disabling 73 repositories belonging to Microsoft after a malicious commit was detected in the Azure/durabletask repository on June 5, 2026. The commit was...
CISA Warns: Poisoned VS Code Extensions Fuel Megalodon Build Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on May 28, 2026, confirming that a coordinated supply chain attack has poisoned the wellspring of modern software...