xz-utils-backdoor
Safeguard articles tagged "xz-utils-backdoor" — guides, analysis, and best practices for software supply chain and application security.
5 articles
The XZ Utils backdoor CVE-2024-3094 explained
CVE-2024-3094 hid a remote-access backdoor inside xz-utils via a years-long social engineering campaign. Here's the timeline, impact, and fix.
The XZ Utils Backdoor Explained
A trusted maintainer, years of quiet social engineering, and one hidden SSH backdoor: how CVE-2024-3094 nearly compromised the global Linux supply chain.
The XZ Utils backdoor: anatomy of a supply chain attack
A two-year maintainer-trust takeover placed a pre-auth SSH backdoor inside xz-utils. Heres how CVE-2024-3094 was built, hidden, and caught in time.
Security Training Gaps Among Solo Maintainers of High-Imp...
xz-utils, event-stream, and ua-parser-js show how single-maintainer projects lack the security training and support that high-impact infrastructure now demands.
The XZ Utils Incident as a Case Study in Maintainer Trust...
CVE-2024-3094 shows how a patient social-engineering campaign turned trusted open source maintainership into a near-catastrophic SSH backdoor.