AMD's Software Updater Left Systems Open to Supply Chain Attacks

AMD's updater fetched software packages over unencrypted HTTP instead of HTTPS, exposing installations to interception and malicious injection at the kernel level. The flaw persisted 124 days before patching—well past industry standard. Unencrypted updates rank among the oldest solved problems in software security; finding one in production in 2026 signals a genuine lapse in supply chain controls.