News and Notes from the Makers of Nexus | Sonatype Blog

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand it's impact, potential risks

By Derek Weeks on February 26, 2014 CISO

3 minute read time

In short, open source security can't be an after thought.

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

Secure From the Start: Combining Open Source Policies, Practice & Tools

Secure your software supply chain

Subscribe for all the latest software security news and events