Peter on Nostr: The recent XZ hack is quite an impressive long con hack on a carefully picked open ...
The recent XZ hack is quite an impressive long con hack on a carefully picked open source project, slowly gaining trust and then getting hidden malicious code signed. Glad this was found early and did not land in Debian LTS, would have been quite bad. Check out the TL;DR video or JFrog post mortem:
https://youtu.be/bS9em7Bg0iU?si=6QI-fZQ3pm0baIzB
https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/