Malicious code found in XZ Utils on Good Friday
The Guardian — April 6, 2024, 04:00 PM UTC
Summary: On Good Friday, Microsoft engineer Andres Freund discovered malicious code in XZ Utils, a critical data compression tool for Linux. The code aimed to create a backdoor in SSH, compromising network security. The attack was a supply-chain breach, similar to the SolarWinds incident. The malware arrived through recent XZ Utils updates, possibly orchestrated by a new contributor named Jia Tan. This highlights the vulnerability of open-source software maintained by volunteers.