all InfoSec news
Backdoor Discovered in xz: The Most Advanced Supply Chain Attack Known to Date
Malware Analysis, News and Indicators - Latest topics malware.news
The xz project, a tool used by many Linux distributions for compressing files, was compromised by a malicious actor who gradually took over the project and inserted a backdoor.
The attack, discovered accidently on March 29, 2024, by a developer named Andres Freund, during performance testing, was carried out over several years by the GitHub account Jia Tan (JiaT75), who gained the trust of the long-time maintainer of the xz project and eventually replaced them as the main point of …
actor advanced attack backdoor compromised date developer distributions files linux linux distributions malicious march performance performance testing project supply supply chain supply chain attack testing tool