Supply chain attack targets XZ Utils in Linux distributions
Cybersecurity Dive — April 2, 2024, 11:00 PM UTC
Summary: A supply chain attack targeted XZ Utils, widely trusted data compression software in Linux distributions. A longtime contributor, suspected to be @JiaT75, inserted malicious code after gaining trust over several years. Red Hat warned of the compromise, tracked as CVE-2024-3094 with a CVSS score of 10. Microsoft engineer Andres Freund discovered the attack, emphasizing the need for robust defense strategies. Properly staffed vulnerability teams are crucial.