News and Notes from the Makers of Nexus | Sonatype Blog

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks

18 minute read time

How to configure a private npm registry in Sonatype Nexus Repository, and how to publish and consume custom Node.js modules in your projects.

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

Custom node module management using private npm registry configured in Sonatype Nexus Repository

Secure your software supply chain

Subscribe for all the latest software security news and events