XZ Utils SSHd Backdoor
ID: f1f50460-6c33-51c7-8da0-dc89544b429e
STIX ID: report--f1f50460-6c33-51c7-8da0-dc89544b429e
Feed Name: Qualys Blog
On March 29, 2024, a researcher disclosed a supply-chain backdoor in XZ Utils 5.6.0 and 5.6.1 (CVE-2024-3094, CVSS 10). Malicious M4 macro code in the release tarballs can modify liblzma during the build so that it interferes with sshd authentication and potentially allows unauthorized remote access. Multiple distributions and installation/media images were impacted. Guidance recommends reverting to earlier, uncompromised XZ releases, applying distro-specific mitigations, and performing hunting and incident response.
