News and Notes from the Makers of Nexus | Sonatype Blog

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks

2 minute read time

Sonatype's 2020 State of the Software Supply Chain Report shows that faster innovation and better risk management do not have to be mutually exclusive.

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

Introducing our 2020 State of the Software Supply Chain report

Secure your software supply chain

Subscribe for all the latest software security news and events