Microsoft 200-patch record, Veeam RCE critical, GitHub supply-chain worm ongoing

Microsoft released a record Patch Tuesday covering ~200 CVEs while Veeam patched a critical RCE (CVE-2026-44963, CVSS 9.4); Microsoft/GitHub suffered a Miasma supply‑chain compromise that injected an information stealer into 73 repositories; patched WinRAR (CVE-2025-8088) is being actively exploited by Russia-aligned groups against Ukrainian targets; and ServiceNow disclosed an unauthenticated API incident exposing customer data—prioritize emergency patching for Veeam and Microsoft, validate and reprovision affected dependencies, ensure WinRAR is patched across endpoints, and review ServiceNow access logs.