20 stories in the last 7 days
The latest supply chain news, distilled by AI into sharp ~100-word summaries. ByteBrief tracks supply chain across dozens of tech sources and brings you only what matters, updated hourly.

Ajinomoto says it can meet demand through 2030 for ABF, a key material for advanced chipmaking substrates. The company plans to expand capacity instead of hiking prices, with new production expected to begin in 2032.

Antares switched on its Mark-0 microreactor in June, winning the Trump administration's pilot program race. The US nuclear fuel supply chain is lacking from mining to fabrication as Congress bans Russian enriched uranium imports in 2028. AI hyperscalers are signing contracts for next-generation reactors.

GitHub automatically disabled 73 Microsoft-related package repositories after the Miasma worm compromised Azure open source packages. The infection centered on the Microsoft Durabletask package, previously compromised in May, which had over 400,000 monthly downloads. Stolen credentials from the original attack were likely never properly disabled.

Ladybug Resource Group, Inc. launched an AI-driven "Smart Supply Chain Hub" to redefine global sourcing for non-standard industrial components. The company announced the new platform aims to improve efficiency in sourcing specialized industrial parts. The hub targets the market for non-standard components.

Amazon launched Amazon Supply Chain Services, turning its internal supply chain into a business for other companies. Bank of America reset its stock forecast on Amazon following the launch. The move follows Amazon's pattern of building internal systems and then offering them as external services, as it did with AWS.

Chinese manufacturers dominate the humanoid robot supply chain, a lead evident at the Humanoids Summit in Tokyo. The industry still struggles to find a clear purpose for such robots, despite China's strong production position.

Technology executives and venture capitalists at the Fortune Brainstorm Tech summit warned the U.S. defense supply chain is unprepared for modern warfare. The group, including leaders from General Catalyst Institute and Tagup, said the U.S. relies on vulnerable supply chains for critical minerals and high-tech components. Deeper public-private partnerships and modernization of government acquisition are needed to compete with China.

Huawei issued a price adjustment notice to partners in China confirming all product prices will rise starting July 1, 2026. The company cites supply chain shifts in the global chip industry, high AI system demands, and skyrocketing RAM and storage costs as the reasons. Exact price increases remain undisclosed.

Anthropic partnered with JFrog to launch a plugin for Claude Code that brings enterprise-grade software supply chain governance to AI coding agents. The integration gives developers governed access to scan, curate, and secure artifacts and dependencies. It also extends Claude Code with domain-specific JFrog Platform Skills using natural language.

The global auto industry faces more supply bottlenecks as the Iran war drags on. BASF CEO Markus Kamieth warned that the U.S.-Israeli conflict with Iran risks disrupting key parts for cars and light trucks, threatening production and inventories in the second half of the year.

Gallo, the world's largest wine producer by volume, is investing in agentic AI to improve supply chain decisions. Vice president Nitin Murali said the goal is to close a "signal deficit" and make faster, better decisions at scale. The company has over 7,000 employees and 130 brands.

Tin, a metal long associated with canned food, now plays a critical role in the AI industry. The metal is essential for soldering components in advanced semiconductors and high-performance computing hardware. This shift has driven surging demand and reshaped global supply chains for the material.

Minimus launched supply chain protection and Minicli for policy enforcement and image-as-code capability. The new tools aim to secure software supply chains and enforce policies through code-defined images.

MP Materials operates the Mountain Pass mine in California, the only large-scale rare-earth mine in the U.S. The company benefits from U.S. policy efforts to reduce dependence on China, which controlled 70% of extraction and 90% of processing in 2025. However, recent U.S.-China cooperation on supply chain shortages has weakened those tailwinds.

Microsoft confirmed it temporarily removed GitHub repositories after 73 open-source projects were compromised to inject an information stealer in a campaign codenamed Miasma. Some repos have been restored; others remain offline. The payload can trigger automatic code execution when opened in an AI-powered coding tool or IDE.

GitLab's Vulnerability Research team uncovered a Python supply chain attack on PyPI deploying the Shai-Hulud worm. Five malicious packages were found, including four typosquats of Flask, Requests, and NumPy. The malware executes at install time, steals credentials from CI/CD systems, and targets all major cloud providers.

Datadog Code Threat Detection analyzes GitHub pull requests for malicious code changes targeting CI/CD pipelines. The tool uses AI-assisted analysis of diffs, repository metadata, and actor information to surface attacks traditional scanners miss. It addresses supply chain incidents like tj-actions and Nx s1ngularity where attackers bypassed production applications.

Microsoft disabled dozens of GitHub repos after hackers injected password-stealing malware into open source projects for Azure and AI developer tools like Claude Code and VS Code. Security firm Cloudsmith flagged the supply chain attack. The malware stole credentials when users opened compromised tools in AI coding apps.

A malicious campaign named 'Hades' is targeting the PyPI package repository, drawing a new parallel to the Shai-Hulud sandworm from Dune. The attack employs typosquatting and dependency confusion to distribute malware. Developers are advised to verify package names and sources before installation.

A config file at .github/setup.js in repository commit f72462d9 runs a 4.3MB encrypted dropper when a developer opens the project. VS Code, Cursor, Claude Code, and npm agents execute such files by default after a one-time trust prompt. The Miasma worm infected 121 repositories by injecting a single command into config files that are rarely reviewed.
Summaries by ByteBrief