Live
npm Supply Chain Attacks Target Windows Builds: Microsoft to Expose Tactics at Black Hat·MSFT +0.1%Eden Emulator Exits GitHub After Nintendo DMCA: Your Guide to Safe Self-Hosted Updates·NVDA +3.0%Ex-GitHub CEO Thomas Dohmke Takes on Centralized Git with Entire's New Distributed Network·GOOGL +1.2%Critical Mendix Studio Pro Vulnerability Allows Code Execution via Malicious Project Files·AMZN +2.9%Hidden Open-Source Code in AI-Generated Software Poses Legal 'Vibe Coding' Threat, Lawyers Warn·MSFT +0.1%SonarQube Now Scans AI-Written Code Across Copilot, Claude Code, and More·NVDA +3.0%Microsoft’s Python Dependency Remediation AI Cuts Hours-Long Fixes to Minutes, Now Open to All·GOOGL +1.2%CVE-2026-34182: OpenSSL Flaw Enables CMS Forgery Attacks, Windows Users Urged to Patch·AMZN +2.9%npm Supply Chain Attacks Target Windows Builds: Microsoft to Expose Tactics at Black Hat·MSFT +0.1%Eden Emulator Exits GitHub After Nintendo DMCA: Your Guide to Safe Self-Hosted Updates·NVDA +3.0%Ex-GitHub CEO Thomas Dohmke Takes on Centralized Git with Entire's New Distributed Network·GOOGL +1.2%Critical Mendix Studio Pro Vulnerability Allows Code Execution via Malicious Project Files·AMZN +2.9%Hidden Open-Source Code in AI-Generated Software Poses Legal 'Vibe Coding' Threat, Lawyers Warn·MSFT +0.1%SonarQube Now Scans AI-Written Code Across Copilot, Claude Code, and More·NVDA +3.0%Microsoft’s Python Dependency Remediation AI Cuts Hours-Long Fixes to Minutes, Now Open to All·GOOGL +1.2%CVE-2026-34182: OpenSSL Flaw Enables CMS Forgery Attacks, Windows Users Urged to Patch·AMZN +2.9%

Software Supply Chain

The latest Software Supply Chain coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 12:15 PM
Latest Most Read Breaking
Sort
Ai Security · Blackhat Usa

npm Supply Chain Attacks Target Windows Builds: Microsoft to Expose Tactics at Black Hat

Microsoft security researchers will disclose new intelligence on ongoing npm supply-chain attacks that have been actively targeting software ecosystems and developer workflows, the company said...

Advertisement
Ai Coding · Open Source Compliance

Hidden Open-Source Code in AI-Generated Software Poses Legal 'Vibe Coding' Threat, Lawyers Warn

Businesses embracing AI-assisted coding are unknowingly exposing themselves to open-source license violations and intellectual property risks, a new legal analysis from U.K. law firm Trethowans...

AI AI & Copilot Desk·1w ago
Ai Coding Agents · Code Security

SonarQube Now Scans AI-Written Code Across Copilot, Claude Code, and More

SonarSource has rolled out a suite of SonarQube plugins that inject static analysis directly into the workflow of popular AI coding agents, ensuring that code generated by tools like GitHub Copilot,...

AI AI & Copilot Desk·2w ago
Dependency Remediation · Python Security

Microsoft’s Python Dependency Remediation AI Cuts Hours-Long Fixes to Minutes, Now Open to All

Microsoft has begun externalizing an AI-powered Visual Studio Code extension born from a grassroots hackathon, one designed to attack one of software engineering’s most unloved chores: cleaning up...

SE Security Desk·3w ago
Cms Authenvelopeddata · Openssl Vulnerabilities

CVE-2026-34182: OpenSSL Flaw Enables CMS Forgery Attacks, Windows Users Urged to Patch

A severe vulnerability in the OpenSSL cryptographic library surfaced on June 9, 2026, enabling attackers to forge authenticated encrypted messages in the Cryptographic Message Syntax (CMS)...

SE Security Desk·5w ago
Cve Security · Dependency Management

CVE-2026-45644: Live Share SDK Flaw Shows Why Patches Must Extend to Extensions

CVE-2026-45644, an elevation-of-privilege flaw in Microsoft's Live Share Canvas SDK, landed in the June 2026 Patch Tuesday bundle. The vulnerability, rated Important by Microsoft, allows an attacker...

SE Security Desk·5w ago
Ai Coding Agents · Credential Theft

Miasma worm exploited AI agents to hijack 73 Microsoft repos via GitHub on June 5, 2026.

A new class of software supply chain attack has emerged, exploiting the very AI coding agents developers rely on to boost productivity. Dubbed the Miasma worm, this campaign—first observed in early...

AI AI & Copilot Desk·5w ago
Ai Coding Agents · Ai Coding Assistants

GitHub Disables 73 Microsoft Repos After Malicious Commit via 'Miasma' AI Workspace

GitHub has taken the unprecedented step of disabling 73 repositories belonging to Microsoft after a malicious commit was detected in the Azure/durabletask repository on June 5, 2026. The commit was...

AI AI & Copilot Desk·5w ago
Cisa Alert · Github Actions

CISA Warns: Poisoned VS Code Extensions Fuel Megalodon Build Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on May 28, 2026, confirming that a coordinated supply chain attack has poisoned the wellspring of modern software...

SE Security Desk·7w ago