backdoor
Safeguard articles tagged "backdoor" — guides, analysis, and best practices for software supply chain and application security.
7 articles
The XZ Utils Backdoor (CVE-2024-3094) Explained: A Near-Miss Supply Chain Catastrophe
CVE-2024-3094 was a deliberately planted backdoor in xz-utils 5.6.0/5.6.1 targeting sshd. It was caught by a 500ms delay one engineer refused to ignore. Here is how the attack worked.
Lessons from the XZ Utils Backdoor: A Three-Year Social Engineering Heist
CVE-2024-3094 was a backdoor patiently planted in XZ Utils over years of social engineering, caught by an engineer chasing half a second of SSH latency. Here is the full story.
Fine-Tune Backdoor Insertion: Academic Research
A senior engineer's review of academic research on fine-tune backdoor insertion, from BadNets to sleeper agents, and how the findings translate to production ML.
XZ Utils Backdoor: One Year Retrospective
A year after the XZ Utils backdoor was caught by Andres Freund at Microsoft, what did we fix, what did we ignore, and what still gets packaged into Linux distros?
Hugging Face Pickle Backdoor Research 2025
Pickle-serialized model files remain a live attack surface on Hugging Face. Here is what 2025 research disclosed about persistent backdoors and what defenders should do about it.
Insider Threats in Open Source Projects: Lessons from XZ Utils
The XZ Utils backdoor was a three-year social engineering operation, not a coding mistake. What the timeline shows about maintainer trust, and what you can actually monitor.
XZ Utils Backdoor (CVE-2024-3094): The Most Sophisticated Supply Chain Attack Ever Discovered
A multi-year social engineering campaign planted a backdoor in XZ Utils that would have compromised SSH on most Linux distributions. Technical deep dive into what happened.