The automatic upgrades channel issue is close to the very heart of, for example, popular browser extensions becoming malicious.
Another attack from the past was the system certificate store compromise by Lenovo on workstations and laptops sold to its own customers, allowing for decryption of any HTTPS traffic from the customer. [1]
Another high profile attack that everyone will know about is the SolarWinds compromise of its software updates. [2]
The automatic upgrades channel issue is close to the very heart of, for example, popular browser extensions becoming malicious.
Another attack from the past was the system certificate store compromise by Lenovo on workstations and laptops sold to its own customers, allowing for decryption of any HTTPS traffic from the customer. [1]
Another high profile attack that everyone will know about is the SolarWinds compromise of its software updates. [2]
[1] https://us-cert.cisa.gov/ncas/alerts/TA15-051A
[2] https://www.bleepingcomputer.com/news/security/new-sunspot-m...