all InfoSec news
A software supply chain meltdown: What we know about the XZ Trojan
Malware Analysis, News and Indicators - Latest topics malware.news
Security experts are sounding alarms about what some are calling the most sophisticated supply chain attack ever carried out on an open source project: a malicious backdoor planted in xz/liblzma (part of the xz-utils package), a popular open source compression tool.
A months-long campaign of tampering and social engineering intended to plant malicious code in major Linux distributions is behind the compromise of the open-source compression library xz/liblzma called the XZ Trojan.
The details of the attack and the extent …
alarms attack backdoor calling campaign compression experts malicious meltdown open source package popular project security security experts social software software supply chain supply supply chain supply chain attack tampering tool trojan