A software supply chain meltdown: What we know about the XZ Trojan

Security experts are sounding alarms about what some are calling the most sophisticated supply chain attack ever carried out on an open source project: a malicious backdoor planted in xz/liblzma (part of the xz-utils package), a popular open source compression tool.

The post A software supply chain meltdown: What we know about the XZ Trojan appeared first on Security Boulevard.