The scourge of software supply chain attacks—an increasingly common hacking technique that hides malicious code in a widely used legitimate program—can take many forms. Hackers can penetrate an update ...
The XZ Utils backdoor (CVE-2024-3094) may not have been an isolated incident, according to a joint statement by the Open Source Security Foundation and the OpenJS Foundation. If you're unaware of the ...
An enormous cyber-attack that would have had a catastrophic impact on millions of computer systems across the planet was thwarted over the weekend by a lone researcher, who spotted a backdoor in the ...
On Friday, a lone ...
The infamous XZ Utils backdoor discovered last year may have a bit of life in it yet. Binarly on Aug. 12 published research concerning the XZ Utils backdoor, a notorious incident in which a developer ...
It’s a lot more complicated than that. The FOSS ideal is “You are what you code,” not “Your reputation precedes you.” As such, it shouldn’t matter one whit if you are a seventeen-year cicada larva ...
A Microsoft developer has found a backdoor in a software package of a compression library widely used in Linux systems that could have resulted in a massive software supply chain attack. The author of ...
After a Microsoft software engineer noticed a backdoor in XZ Utils, an open-source set of data-compression tools widely used across Linux, the world was only a couple of weeks away from a major supply ...
A backdoor has been implanted in the two latest versions of XZ Utils — a set of data compression software tools and libraries ‘present in nearly every Linux distribution,’ according to Red Hat. Red ...
Using MacPorts on my AS machine because it gives me a more or less usable AS version of qgis3. Just did a port upgrade outdated and, after running it, found that the active version of xz was 5.4.6.