THREAT ALERT: The XZ Backdoor - Supply Chaining Into Your SSH
ID: 4ace0703-08ed-5c76-9969-29e9056020e4
STIX ID: report--4ace0703-08ed-5c76-9969-29e9056020e4
Feed Name: Cybereason Blog
Cybereason warns of a critical supply-chain backdoor in XZ Utils (CVE-2024-3094, CVSS 10.0) shipped in the upstream release tarballs of versions 5.6.0 and 5.6.1. The tampered build scripts inject object code into liblzma; when sshd loads that library (on many distributions through the libsystemd dependency added for service notification) the implant hooks OpenSSL's RSA_public_decrypt and lets an attacker holding the matching private key execute commands as root before authentication. The alert lists affected Linux distributions and package versions, over 60 SHA256 IOCs, the attacker's embedded public key, and technical details of the multi-stage build-time backdoor, and it recommends downgrading or updating xz/liblzma, running EDR hunting queries, and applying the provided IOCs for detection and remediation.
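The triage steps the alert recommends (version check, locating the liblzma that sshd actually loads, hash comparison against an IOC list) can be scripted. The following is an added example written for this page, not Cybereason's tooling and not the hunting queries from the alert. The IOC list path `/tmp/xz_iocs.txt` is a placeholder for the hashes the alert provides (they are not reproduced here); the byte signature is the one from the publicly circulated detect.sh check for the backdoored liblzma, which you should verify against a current source before relying on it.

```bash
#!/usr/bin/env bash
# Added example: triage a Linux host for the XZ Utils backdoor (CVE-2024-3094).
# Assumptions: bash, coreutils (sha256sum, od), ldd; IOC file is one SHA256 per line.

# Release versions known to carry the backdoor.
is_backdoored_version() {
  case "$1" in
    5.6.0|5.6.1) return 0 ;;
    *)           return 1 ;;
  esac
}

# Pull the version token out of `xz --version` output,
# e.g. "xz (XZ Utils) 5.6.1" -> "5.6.1". Prints nothing if unparsable.
parse_xz_version() {
  printf '%s\n' "$1" | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' | head -n1
}

# Resolve the liblzma shared object that the sshd binary would load.
# Prints the path, or nothing if sshd/ldd is unavailable or liblzma is not linked.
liblzma_for_sshd() {
  local sshd
  sshd=$(command -v sshd 2>/dev/null) || return 1
  command -v ldd >/dev/null 2>&1 || return 1
  ldd "$sshd" 2>/dev/null | awk '/liblzma/ && $3 ~ /^\// { print $3; exit }'
}

# Compare a file's SHA256 against an IOC list (case-insensitive, whole-line match).
matches_ioc() {   # usage: matches_ioc <file> <ioc_list>
  local h
  h=$(sha256sum "$1" | cut -d' ' -f1)
  grep -qix "$h" "$2"
}

# Byte pattern taken from the widely circulated detect.sh (Vegard Nossum);
# present in the backdoored liblzma object code. Treat as an assumption: confirm
# against a current reference before using operationally.
BACKDOOR_SIG='f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410'

# Hex-dump a file with POSIX od and grep for the signature.
has_backdoor_signature() {   # usage: has_backdoor_signature <file>
  od -An -tx1 -v "$1" | tr -d ' \n' | grep -q "$BACKDOOR_SIG"
}

# Full host scan; prints findings and returns 1 if anything suspicious was found.
scan_host() {   # usage: scan_host [ioc_list]
  local iocs="${1:-/tmp/xz_iocs.txt}" ver lib rc=0
  if command -v xz >/dev/null 2>&1; then
    ver=$(parse_xz_version "$(xz --version 2>/dev/null | head -n1)")
    if is_backdoored_version "$ver"; then
      echo "ALERT: xz $ver is a backdoored release (CVE-2024-3094)"; rc=1
    else
      echo "ok: xz version '${ver:-unknown}'"
    fi
  fi
  lib=$(liblzma_for_sshd)
  if [ -n "$lib" ]; then
    echo "sshd loads liblzma: $lib"
    if has_backdoor_signature "$lib"; then
      echo "ALERT: backdoor signature found in $lib"; rc=1
    fi
    if [ -r "$iocs" ] && matches_ioc "$lib" "$iocs"; then
      echo "ALERT: $lib hash matches IOC list $iocs"; rc=1
    fi
  else
    echo "sshd does not link liblzma (or sshd/ldd not found)"
  fi
  return $rc
}

# Run the scan only when invoked directly with --scan, so the functions can be sourced.
if [ "${1:-}" = "--scan" ]; then
  scan_host "${2:-}"
fi
```

Run it as `bash xz_triage.sh --scan /path/to/iocs.txt`; a non-zero exit means at least one indicator fired. Note that the version string alone is not sufficient evidence of compromise (distributions patched the packages in place), which is why the script also inspects the library sshd actually resolves.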
