News

Ars Technica1y
What we know about the xz Utils backdoor that almost infected the world
What does the backdoor do? Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the way the software functions. The backdoor manipulated sshd, the executable file used to make remote ...
Ars Technica1y
Backdoor found in widely used Linux utility targets encrypted SSH ...
The malicious changes were submitted by JiaT75, one of the two main xz Utils developers with years of contributions to the project. “Given the activity over several weeks, the committer is ...
TechRepublic1y
XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to ...
XZ Utils is used by many operations on those systems for compressing and decompressing data. The CVE-2024-3094 backdoor found in XZ Utils was implemented to interfere with authentication in SSHD, ...
CSOonline1y
Dangerous XZ Utils backdoor was the result of years-long supply chain ...
XZ-Utils dates back to 2009 and was created by a developer named Lasse Collin who is known as Larhzu on GitHub. He also served as the sole maintainer of the project until around 2023 when another ...
The Verge1y
Who is ‘Jia Tan,’ the coder behind the XZ Utils Linux backdoor?
Security researcher Costin Raiu tells Wired the XZ Utils attack is far more “cunning” than anything he’d seen previously. Others have looked into when Tan submitted their code.
CSOonline1y
More open-source project takeover attempts found after XZ Utils attack
Discovered after OpenJS Foundation Cross Project Council received a request for administrative access for a ‘quick fix’.