Live
Microsoft Flags libssh Double-Free in Azure Linux, But the Real Impact May Be Broader·MSFT +0.1%CVE-2025-38185: Azure Linux Vulnerability & Microsoft's Security Response·NVDA +3.0%Patch Azure Linux for CVE-2025-40913 Immediately, Microsoft Says (But Check Everything Else)·GOOGL +1.2%CVE-2025-5994: Azure Linux Supply Chain Vulnerability & Microsoft's Security Response·AMZN +2.9%Azure Linux Attestation: Microsoft's Security Advisory Explained·MSFT +0.1%CVE-2025-38108 & Microsoft's VEX Attestations: A New Era in Azure Linux Supply Chain Security·NVDA +3.0%Microsoft Patches LuaJIT Flaw in Azure Linux, But What About Your Other Microsoft Products?·GOOGL +1.2%Azure Linux Confirmed Exposed to CVE-2025-32052, But Libsoup Vulnerability Could Lurk in More Microsoft Offerings·AMZN +2.9%Microsoft Flags libssh Double-Free in Azure Linux, But the Real Impact May Be Broader·MSFT +0.1%CVE-2025-38185: Azure Linux Vulnerability & Microsoft's Security Response·NVDA +3.0%Patch Azure Linux for CVE-2025-40913 Immediately, Microsoft Says (But Check Everything Else)·GOOGL +1.2%CVE-2025-5994: Azure Linux Supply Chain Vulnerability & Microsoft's Security Response·AMZN +2.9%Azure Linux Attestation: Microsoft's Security Advisory Explained·MSFT +0.1%CVE-2025-38108 & Microsoft's VEX Attestations: A New Era in Azure Linux Supply Chain Security·NVDA +3.0%Microsoft Patches LuaJIT Flaw in Azure Linux, But What About Your Other Microsoft Products?·GOOGL +1.2%Azure Linux Confirmed Exposed to CVE-2025-32052, But Libsoup Vulnerability Could Lurk in More Microsoft Offerings·AMZN +2.9%

Supply Chain Security

The latest Supply Chain Security coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 11:07 PM
Latest Most Read Breaking
Sort
Azure Linux · Cve 2025 5351

Microsoft Flags libssh Double-Free in Azure Linux, But the Real Impact May Be Broader

Microsoft has confirmed that Azure Linux ships with a vulnerable version of libssh, exposing systems to a memory corruption bug tracked as CVE-2025-5351. The advisory, posted on the Microsoft...

Advertisement
Azure Linux · Cve 2025 49812

Azure Linux Attestation: Microsoft's Security Advisory Explained

Microsoft's recent security advisory regarding Azure Linux and CVE-2025-49812 has sparked significant discussion in the IT security community, highlighting the nuanced relationship between...

SE Security Desk·21w ago
Azure Linux · Linux Kernel

CVE-2025-38108 & Microsoft's VEX Attestations: A New Era in Azure Linux Supply Chain Security

The recent disclosure of CVE-2025-38108, a race condition vulnerability in the Linux kernel's Random Early Detection (RED) queue management algorithm within the net_sched subsystem, has become far...

SE Security Desk·21w ago
Azure Linux · Luajit

Microsoft Patches LuaJIT Flaw in Azure Linux, But What About Your Other Microsoft Products?

Microsoft has shipped security updates for Azure Linux to address an out-of-bounds read vulnerability in the LuaJIT just-in-time compiler, but the company's public attestation stops at its own...

SE Security Desk·21w ago
Azure Linux · Cve 2025 32052

Azure Linux Confirmed Exposed to CVE-2025-32052, But Libsoup Vulnerability Could Lurk in More Microsoft Offerings

Microsoft has publicly confirmed that its Azure Linux distribution includes a vulnerable version of the libsoup library, putting virtual machines and container workloads running the cloud-optimized...

SE Security Desk·21w ago
Artifact Discovery · Azure Linux

Microsoft’s First CSAF/VEX Attestation Flags Azure Linux Deadlock Bug (CVE-2025-22014)—Here’s How to Check Your Entire Image Catalog

In October 2025, Microsoft disclosed that a newly identified Linux kernel vulnerability, tracked as CVE-2025-22014, affects its Azure Linux distribution. The advisory, published via Microsoft’s new...

SE Security Desk·21w ago
Ai Security · Data Protection

AI Transactions Surge 91% to 1 Trillion; 39% Blocked as Data Leak Fears Mount

In 2025, businesses worldwide sent nearly one trillion AI-related transactions through their networks—a 91% increase over the previous year—and security teams were forced to block 39% of that...

AI AI & Copilot Desk·21w ago
Cgo · Go Modules

Go Toolchain CVE-2023-29402: Critical Supply Chain Vulnerability Analysis

The Go programming language's toolchain, widely used by developers worldwide, was quietly exposed to a high-risk code-injection vulnerability in 2023 that continues to offer critical lessons for...

SE Security Desk·21w ago
Azure Linux · Go Parser

CVE-2024-34155: Go Parser Vulnerability Threatens Azure Linux & Supply Chains

A critical vulnerability in Go's standard library has exposed countless applications and cloud infrastructure to denial-of-service attacks, with Microsoft's Azure Linux distribution among the...

SE Security Desk·21w ago