Microsoft Open-Sources Code as DeepSeek Leads in Security
Over 10,000 high-severity flaws have been discovered in widely used software, with the TrapDoor supply chain attack distributing credential-stealing malware through 34 malicious packages.

Over 10,000 high-severity flaws have been discovered in widely used software, highlighting the need for increased security measures in the tech industry.
Introduction to the Problem
The recent TrapDoor supply chain attack has targeted npm, PyPI, and Crates.io, distributing credential-stealing malware through 34 malicious packages across 384 versions. This attack, along with the backdoored Daemon Tools disk app, has raised concerns about the security of the software supply chain. According to Ars Technica, the attack on Daemon Tools lasted for a month.
Impact of the Attacks
- The TrapDoor attack began on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves.
- 8 packages on Packagist were infected using GitHub-hosted Linux malware.
- The Claude Mythos AI found 10,000 high-severity flaws in widely used software, emphasizing the need for AI-powered security solutions.
Project Glasswing, a defensive effort launched by Anthropic, has helped uncover these vulnerabilities, securing critical global software.
What the Sceptics Say
Some argue that open-sourcing code, as done by Microsoft, may not be the solution to security issues, as it can also expose vulnerabilities to malicious actors. However, this approach can also facilitate community involvement in identifying and fixing flaws, as seen with the TrapDoor attack.
What This Means for the Industry
Companies like Microsoft and GitHub are taking steps to improve security, such as introducing 2FA-gated publishing and staged publishing features. In the next 6-12 months, we can expect to see increased adoption of AI-powered security solutions and a greater emphasis on community involvement in securing the software supply chain.
Key Takeaways
- Engineers: Implement AI-powered security solutions and participate in community efforts to identify and fix vulnerabilities.
- Investors: Invest in companies that prioritize security and adopt AI-powered solutions to protect against supply chain attacks.
- Business Leaders: Prioritize security and adopt a proactive approach to protecting against supply chain attacks, including implementing 2FA-gated publishing and staged publishing features.
- Consumers: Be aware of the potential risks associated with software supply chain attacks and take steps to protect themselves, such as using reputable sources for software downloads.
Engineers should now prioritize implementing AI-powered security solutions, investors should invest in companies that prioritize security, and business leaders should adopt a proactive approach to protecting against supply chain attacks.
Further Reading on AnalyticsGlobe
Sources
- Ars Technica: Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
- The Hacker News: TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
- The Hacker News: npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
- The Hacker News: Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
- The Hacker News: Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
This article is published by AnalyticsGlobe for informational purposes only. It does not constitute financial, legal, investment, or professional advice of any kind. Always conduct your own research and consult qualified professionals before making any decisions.
James Whitfield
Published under the research and editorial standards of AnalyticsGlobe. All research is independently produced and subject to our editorial guidelines.