Unknown actors have implanted malicious code into versions 5.6.0 and 5.6.1 of the open source compression tools set XZ Utils. To make matters worse, trojanized utilities have managed to find their way into several popular builds of Linux released this March, so this incident could be regarded as a supply-chain attack. This vulnerability has been assigned CVE-2024-3094.
https://www.kaspersky.com/blog/cve-2024 ... oor/50873/