The xz backdoor from a Security Engineer persepective
As you probably already heard, the xz
package got compromised.
The package was used as entrypoint to inject malicious code in sshd, altering the authentication flow. This forged vulnerability is now known as CVE-2024-3094.