CVE-2024-3094 Unveiled: XZ Utils Compromise Sparks Security Alarm
<p>On Friday, March 29, developer Andres Freund detected unusual behavior in his Debian sid environment. In response, he contacted an open-source security mailing list to report his discovery of an upstream backdoor in the commonly used command-line tool XZ Utils (liblzma). The backdoor was surreptitiously added by a long-time open-source contributor, affecting XZ Utils versions […]</p>