AMD's Auto-Updater Delivered Software Over Unencrypted HTTP, Enabling Supply Chain Injection Attacks

AMD's software updater fetched packages over plain HTTP rather than HTTPS, permitting man-in-the-middle attacks to inject malicious payloads at system level. The vulnerability took 124 days to patch, exceeding industry-standard 90-day norms. Unencrypted update delivery is a textbook flaw the software industry largely corrected years ago, making its presence in 2026 a notable regression in supply chain hygiene.

Published about 14 hours ago

Read at another depth

Intermediate Beginner

Recent briefs

See all briefs →

KPMG's AI Governance Report Marred by Fabricated CitationsJune 13, 2026
Israeli Firm Suspected of Running Electoral Smear Campaigns Across Multiple DemocraciesJune 13, 2026
Google Recycles 2,000 Old Pixels into Research ClusterJune 13, 2026
How a Brooklyn Jury Changed Hate Crime Law: Proving Bias Matters Before ViolenceJune 13, 2026
India's Military Keeps Crash Investigations Secret, Blocking Safety LessonsJune 13, 2026
Drug Diversion Works—But Only With Consistent ImplementationJune 13, 2026
Israel Seizes Beaufort Castle Beyond UN-Drawn BorderJune 13, 2026
BBC Faces Existential Challenge as Impartiality Crisis Erodes Political SupportJune 13, 2026