Backdoor Discovered in XZ Utils: Patch Your Systems Now (CVE-2024-3094)

A malicious backdoor was found in the liblzma component of XZ Utils (CVE-2024-3094), present in versions 5.6.0 and 5.6.1, which could allow attackers to gain SSH access without valid credentials; the issue was discovered in late March 2024 before widespread distribution and users are advised to patch, downgrade, or update their systems immediately to mitigate the risk.