Bleeping Computer

New XZ backdoor scanner detects implant in any Linux binary

Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. CVE-2024-3094 is a supply chain ...
Bleeping Computer

Latest XZ Utils news

The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. Evolving threats ...
GIGAZINE

It was discovered that a malicious backdoor was installed in the built-in compression tool 'XZ Utils' of Linux distributions such as Red Hat and Debian.

On March 29, 2024 local time, developer Andres Freund reported the existence of a malicious backdoor in XZ Utils. According to him, it was confirmed that malicious code was present in versions 5.6.0 ...
Wired

The XZ Backdoor: Everything You Need to Know

On Friday, a lone Microsoft developer rocked the world when he revealed a backdoor had been intentionally planted in XZ Utils, an open source data compression utility available on almost all ...
CSOonline

Dangerous XZ Utils backdoor was the result of years-long supply chain compromise effort

Caught before it could do widespread damage, the sophisticated vulnerability could have been one of the highest-impact software supply chain breaches to date. A data compression library called XZ ...