Security experts are sounding alarms about what some are calling the most sophisticated supply chain attack ever carried out on an open source project: a malicious backdoor planted in xz/liblzma (part of the xz-utils package), a popular open source compression tool.
The post "A software supply chain meltdown: What we know about the XZ Trojan" appeared first on Security Boulevard.
Paul Roberts
Source: Security Boulevard
Source Link: https://securityboulevard.com/2024/04/a-software-supply-chain-meltdown-what-we-know-about-the-xz-trojan/