XZ Utils Backdoor: A Supply Chain Attack You Should Know About
The XZ Utils backdoor is a supply chain vulnerability — more precisely, a supply-chain-injected vulnerability — planted directly inside the open source project itself. Over a series of co...
XZ Utils is a general-purpose compression suite conceptually similar to .zip or 7-Zip: it takes files and shrinks them so they can be stored or transferred more efficiently. What makes XZ Utils unusual is not the compression algorithm itself, but its reach. The liblzma library that ships as part of XZ Utils is imported as a base-build dependency by nearly every major Linux distribution — Debian, openSUSE, Fedora, Red Hat, Kali Linux, and many others — because so many other system components rely on it for compression services.
That ubiquity is exactly what turned a single poisoned open-source library into a near worst-case supply chain event. A vulnerability injected into a component this foundational does not stay contained to one application; it rides along inside the base operating system image of a huge share of the Linux ecosystem.
This is not a traditional memory-corruption bug like a buffer overflow. It is a deliberately engineered backdoor, hidden in plain sight inside a project that thousands of downstream packages trust implicitly.
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
3 sections- 1 Table of Contents
- 2 Module 1: The XZ Utils Supply Chain Backdoor
- 3 Summary
More Vulnerability Briefings courses
View all 30Apache Commons Text Vulnerability: What You Should Know
Because the library is freely available, widely trusted, and saves developers from writing boilerplate text-processing code, it has been incorporated into a very large number of Java-base...
Atlassian Vulnerability: What You Should Know
This document covers a group of critical advisories describing a series of Remote Code Execution (RCE) vulnerabilities in Atlassian products. The vulnerabilities span multiple products —...
Authentication Bypass at the Security Edge: What You Should Know
Once all required configuration changes were made, attackers established SSL VPN tunnels to the affected devices using the newly created or hijacked accounts.
Next.js Authentication Bypass Vulnerability: What You Should Know
Next.js is a React-based web development framework created and maintained by Vercel. It is widely used to build fast, scalable, and SEO-friendly web applications.
Breaking! React & Next.js Hit by CVSS 10.0 Bug
Every so often, a vulnerability drops that cuts through the noise — not because of the hype, but because it touches a large part of the modern web stack. CVE-2025-55182 is one of those.
ConnectWise ScreenConnect Vulnerability - What You Should Know
Critical security advisory covering CVE-2024-1709 (CVSS 10.0) and CVE-2024-1708 (CVSS 8.4) — authentication bypass and path traversal vulnerabilities in ConnectWise ScreenConnect.
Interested in this course?
Contact us to book it or get a custom training plan for your team.