500ms to midnight: XZ / liblzma backdoor
ID: 66dacdda-2f97-51da-b520-212dab57f3e9
STIX ID: report--66dacdda-2f97-51da-b520-212dab57f3e9
Feed Name: Elastic Security Labs
On March 29, 2024 a maintainer-introduced backdoor was discovered in XZ Utils' liblzma (versions 5.6.0 and 5.6.1) via malicious build-script changes that decode and embed an obfuscated payload; the backdoor can bypass SSH authentication in a pre-auth context and was distributed in some builds and package channels. The impact was limited by low distribution and quick discovery, and Elastic published YARA signatures, osquery checks, and EQL detection rules while maintainers rolled affected packages back.
