Русня из гэбэшной шаражки встроила бэкдор в архиватор xz.

XZ Utils Backdoor
https://www.akamai.com/blog/security-research/critical-linux-backdoor-xz-utils-discovered-what-to-know
> It seems that as part of the effort to gain these permissions, Jia Tan used an interesting form of social engineering: They used fake accounts to send myriad feature requests and complaints about bugs to pressure the original maintainer, eventually causing the need to add another maintainer to the repository.
> After contributing to the code for approximately two years, in 2023 Jia Tan introduced a few changes to XZ that were included as part of release 5.6.0. Among these changes was a sophisticated backdoor.
> The Cybersecurity and Infrastructure Security Agency (CISA) recommended course of action is to downgrade to an uncompromised version, such as 5.4.6


A stealth attack came close to compromising the world’s computers
The cyber-scare, perhaps involving Russia, shows the internet’s crowdsourced code is vulnerable
https://www.economist.com/science-and-technology/2024/04/02/a-stealth-attack-came-close-to-compromising-the-worlds-computers
> In 2020 XKCD, a popular online comic strip, published a cartoon depicting a teetering arrangement of blocks with the label: “all modern digital infrastructure”. Perched precariously at the bottom, holding everything up, was a lone, slender brick: “A project some random person in Nebraska has been thanklessly maintaining since 2003.” The illustration quickly became a cult classic among the technically minded, for it highlighted a harsh truth: the software at the heart of the internet is maintained not by giant corporations or sprawling bureaucracies but by a handful of earnest volunteers toiling in obscurity. A cyber-security scare in recent days shows how the result can be near-disaster.

> On March 29th Andres Freund, an engineer at Microsoft, published a short detective story. In recent weeks he had noticed that SSH—a system to log on securely to another device over the internet—was running about 500 milliseconds more slowly than expected. Closer inspection revealed malicious code embedded deep inside XZ Utils, a piece of software designed for compressing data used inside the Linux operating system, which runs on virtually all publicly accessible internet servers. Those servers ultimately undergird the internet, including vital financial and government services. The malware would have served as a “master key”, allowing attackers to steal encrypted data or plant other malware.