The xz/liblzma Compromise and Software Supply Chain Security
Phylum blog.phylum.io
At the end of March 2024, a major software supply chain attack was identified: some upstream forks of the popular xz/liblzma library that underpins the massively popular OpenSSH Server were compromised. A rogue contributor appears to have worked to influence the maintainers of the library, adding in seemingly innocuous