Breaking
Loading the latest security headlines…      Loading the latest security headlines…
Back to News
Malware & PhishingBullish SignalHigh Impact

Microsoft Open-Sources Code as DeepSeek Leads in Security

Share: X LinkedIn WhatsApp

Over 10,000 high-severity flaws have been discovered in widely used software, with the TrapDoor supply chain attack distributing credential-stealing malware through 34 malicious packages.

Microsoft Open-Sources Code as DeepSeek Leads in Security
JW
James Whitfield
Technology & Policy Editor
25 May 202610 min read1 views

Over 10,000 high-severity flaws have been discovered in widely used software, highlighting the need for increased security measures in the tech industry.

Introduction to the Problem

The recent TrapDoor supply chain attack has targeted npm, PyPI, and Crates.io, distributing credential-stealing malware through 34 malicious packages across 384 versions. This attack, along with the backdoored Daemon Tools disk app, has raised concerns about the security of the software supply chain. According to Ars Technica, the attack on Daemon Tools lasted for a month.

Impact of the Attacks

  • The TrapDoor attack began on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves.
  • 8 packages on Packagist were infected using GitHub-hosted Linux malware.
  • The Claude Mythos AI found 10,000 high-severity flaws in widely used software, emphasizing the need for AI-powered security solutions.
Project Glasswing, a defensive effort launched by Anthropic, has helped uncover these vulnerabilities, securing critical global software.

What the Sceptics Say

Some argue that open-sourcing code, as done by Microsoft, may not be the solution to security issues, as it can also expose vulnerabilities to malicious actors. However, this approach can also facilitate community involvement in identifying and fixing flaws, as seen with the TrapDoor attack.

What This Means for the Industry

Companies like Microsoft and GitHub are taking steps to improve security, such as introducing 2FA-gated publishing and staged publishing features. In the next 6-12 months, we can expect to see increased adoption of AI-powered security solutions and a greater emphasis on community involvement in securing the software supply chain.

Key Takeaways

  1. Engineers: Implement AI-powered security solutions and participate in community efforts to identify and fix vulnerabilities.
  2. Investors: Invest in companies that prioritize security and adopt AI-powered solutions to protect against supply chain attacks.
  3. Business Leaders: Prioritize security and adopt a proactive approach to protecting against supply chain attacks, including implementing 2FA-gated publishing and staged publishing features.
  4. Consumers: Be aware of the potential risks associated with software supply chain attacks and take steps to protect themselves, such as using reputable sources for software downloads.

Engineers should now prioritize implementing AI-powered security solutions, investors should invest in companies that prioritize security, and business leaders should adopt a proactive approach to protecting against supply chain attacks.

Sources

Tags:supply chain attacksecurityMicrosoftDeepSeekAI-powered security
Disclaimer

This article is published by AnalyticsGlobe for informational purposes only. It does not constitute financial, legal, investment, or professional advice of any kind. Always conduct your own research and consult qualified professionals before making any decisions.

JW

James Whitfield

Technology & Policy Editor

Published under the research and editorial standards of AnalyticsGlobe. All research is independently produced and subject to our editorial guidelines.