Tag
cve-2024-3094
Safeguard articles tagged "cve-2024-3094" — guides, analysis, and best practices for software supply chain and application security.
14 articles
Supply Chain Security
How One Engineer's Curiosity Saved Linux: The XZ Utils Backdoor Discovery Story
Andres Freund noticed SSH was 500ms slower than expected. That observation prevented the most dangerous supply chain attack in open source history from reaching stable Linux distributions.
Apr 1, 20247 min read
Supply Chain Security
XZ Utils Backdoor (CVE-2024-3094): The Most Sophisticated Supply Chain Attack Ever Discovered
A multi-year social engineering campaign planted a backdoor in XZ Utils that would have compromised SSH on most Linux distributions. Technical deep dive into what happened.
Mar 29, 20246 min read