all InfoSec news
A software supply chain meltdown: What we know about the XZ Trojan
Security Boulevard securityboulevard.com
Security experts are sounding alarms about what some are calling the most sophisticated supply chain attack ever carried out on an open source project: a malicious backdoor planted in xz/liblzma (part of the xz-utils package), a popular open source compression tool.
The post A software supply chain meltdown: What we know about the XZ Trojan appeared first on Security Boulevard.
alarms appsec & supply chain security attack backdoor calling compression experts malicious meltdown open source package popular project security security experts software software supply chain supply supply chain supply chain attack tool trojan