In a reminder that open source products can carry significant risks beyond intellectual property, a vulnerability in a compression tool commonly used by developers has triggered widespread concerns.

CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data ...

An enormous cyber-attack that would have had a catastrophic impact on millions of computer systems across the planet was thwarted over the weekend by a lone researcher, who spotted a backdoor in the ...

The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. Evolving threats ...

Red Hat is warning that a vulnerability in XZ Utils, the XZ format compression utility included in Unix-like operating systems such as Linux, is a backdoor. Users should either downgrade the utility ...

The recent discovery of a backdoor in the XZ Utils data compression utility — present in nearly all major Linux distributions — is a stark reminder that organizations who consume open source ...

Over the past few days, the security world has been abuzz with the discovery of a backdoor snuck into a compression utility called xz-utils. While this backdoor was effectively a near miss, getting ...

A data compression program in the Unix and Linux world. Developed by Lasse Collin and Igor Pavlov, XZ Utils was released in 2009 as "LZMA Utils." Because XZ can only compress a single file, it is ...