News and Notes from the Makers of Nexus | Sonatype Blog

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks

3 minute read time

In this month's Nexus Intelligence Insights we discuss an older component, but one that is widely used across a variety of ecosystems, and has a vulnerability.

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

Nexus Intelligence Insights: CVE-2014-3603 — Lack of Hostname Verification in OpenSAML

Secure your software supply chain

Subscribe for all the latest software security news and events