News and Notes from the Makers of Nexus | Sonatype Blog

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks

3 minute read time

In this month's Nexus Intelligence Insights, we're analyzing the mechanics of the braces regular expression denial of service attack - and what you can do to.

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

Nexus Intelligence Insights: CVE-2018-1109-Braces Regular expression Denial of Service (ReDoS) attack

Secure your software supply chain

Subscribe for all the latest software security news and events