This content is viewable by Everyone

Malicious Code Embedded in XZ Utils

CISA and the open-source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. The malicious code may allow unauthorized access to affected systems. 

For a complete description of the vulnerabilities and affected systems go to: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094.

IT Security

Read more about IT Security service offerings.