Internet estaba a semanas del desastre y nadie lo sabía

«Cómo un solo ataque informático infectó el sistema operativo más importante del mundo».

Vía: Veritasium en español

#Tecnología #Ciencia #Veritasium #DerekMuller #Internet #GNU #Linux #XZUtils #RSA #JiaTan #LasseCollin #AndresFreund

Original post on infosec.exchange

Weekend Reads

* Phrack #72
https://phrack.org/issues/72/1
* DNS at IETF 123
https://www.potaroo.net/ispcol/2025-08/dns_ietf123.html
* History of Hawaii subsea cables
www.sciencedirect.com/science/article/pii/S030...
* China GFW disrupted TCP 443 traffic […]

Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images In this blog, we share a new finding in the XZ Utils saga: several Docker images built around the time of the compromise contain the backdoor. At first glance, this might not seem alarming: if the…

⚠️ Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images

www.binarly.io/blog/persist...

#xzutils #backdoor #docker

バックドア付きXZ utilsがDockerイメージに残っている話。バックドアが付いたままイメージ作って更新されなければ、そりゃ残るよなぁ #linux #docker #xzutils

Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images: www.binarly.io/blog/persistent-risk-xz-...

“Même un code malveillant de courte durée peut rester longtemps inaperçu” : DockerHub recèlerait la porte dérobée XZ dans les paquets #xzutils !

blog.sosordi.net/2025/08/meme...

#securite #Internet #Linux #Docker

Backdoor in XZ Utils attiva in Docker Hub, attacchi brute-force su Fortinet e 3300 NetScaler vulnerabili aggravano l’allerta cyber globale.

#backdoor #bruteforce #CitrixBleed #fortinet #Matrix #NetScaler #supplychain #XZUtils
www.matricedigitale.it/2025/08/13/b...

the biggest hack that never happened: the xz utils story kill switch · Episode

open.spotify.com/episode/5uGk... #Podcasts #KillSwitchPodcast #XZUtils

XZ Utils

#XZUtils 5.8.1 (stable) has been released ( #xz / #LZMAUtils / #LZMA / #LZMA2 / #DataCompression ) tukaani.org/xz/

ITちゃんねる 圧縮ツールに深刻な脆弱性、すぐに確認とアップデートを #XZUtils #ITニュース

圧縮ツールに深刻な脆弱性、すぐに確認とアップデートを
#XZUtils #ITニュース

CVE-2025-31115: XZ Utils Hit Again with High-Severity Multithreaded Decoder Bug Learn about the XZ Utils vulnerability and its impact on data compression tools. Understand CVE-2025-31115 and its risks.

CVE-2025-31115: XZ Utils Hit Again with High-Severity Multithreaded Decoder Bug
A critical flaw in XZ Utils affects multithreaded decoding, risking system crashes and potential exploitation. Patch your systems now.

securityonline.info/cve-2025-311...
#Cybersecurity #XZUtils #Vulnerability

XZ Utils

#XZUtils 5.8.0 (stable) has been released ( #xz / #LZMAUtils / #LZMA / #LZMA2 / #DataCompression ) tukaani.org/xz/

XZ Utils introduce nuove opzioni di build multipiattaforma, mentre Rescuezilla 2.6 migliora la compatibilità hardware e UEFI con Ubuntu 24.10.

#backup #clonezilla #immagineISO #Linux #Partclone #rescuezilla #Rescuezilla26 #SecureBoot #Ubuntu2410 #XZUtils
www.matricedigitale.it/tech/xz-util...

XZ Utils introduce nuove opzioni di build multipiattaforma, mentre Rescuezilla 2.6 migliora la compatibilità hardware e UEFI con Ubuntu 24.10.

#backup #clonezilla #immagineISO #Linux #Partclone #rescuezilla #Rescuezilla26 #SecureBoot #Ubuntu2410 #XZUtils
www.matricedigitale.it/tech/xz-util...

XZ Utils introduce nuove opzioni di build multipiattaforma, mentre Rescuezilla 2.6 migliora la compatibilità hardware e UEFI con Ubuntu 24.10.

#backup #clonezilla #immagineISO #Linux #Partclone #rescuezilla #Rescuezilla26 #SecureBoot #Ubuntu2410 #XZUtils
www.matricedigitale.it/tech/xz-util...

XZ Utils

#XZUtils 5.7.1 Alpha (dev) has been released ( #xz / #LZMAUtils / #LZMA / #LZMA2 / #DataCompression ) tukaani.org/xz/

XZ Utils

#XZUtils 5.6.4 (stable) has been released ( #xz / #LZMAUtils / #LZMA / #LZMA2 / #DataCompression ) tukaani.org/xz/

L’étape 2 (devenir contributeur officiel sur le projet xz-utils, pour pouvoir initier sa backdoor). Et là on est vraiment dans du hacking social pur jus.

#snowCamp #Xzutils

Best of 2024: An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections ... Read more » The post An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections appeared first on Deepfactor.

2024年のベスト：バックドアの偶然の発見により、数千件の感染が防がれた可能性

Best of 2024: An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections #SecurityBoulevard (Dec 24)

#XZUtils #バックドア #サプライチェーン攻撃 #SSH脆弱性 #セキュリティインシデント

If you can’t make it, I will post materials in a few weeks, stay tuned.
See you at SecTor - and if I miss ya, drop me a DM!
PS Looks like there's breakfast and lunch too...
#opensourcesoftware #cybersecurity #xzutils #toronto

XZ Utils

#XZUtils 5.6.3 (stable) has been released ( #xz / #LZMAUtils / #LZMA / #LZMA2 / #DataCompression ) tukaani.org/xz/

Et halvt sekund reddede internettet fra kollaps. Nogen havde plantet en tidsindstillet bombe. Men hvem? I foråret saboterede en tysk computeringeniør, hvad der kunne have været et af de mest ødelæggende cyberangreb. Det var rent tilfælde. Hvorfor er verden sådan? Det undersøger vi i dag.

Was talking #Linux to a friend and mentioned most of the internet is built on it. He, a well-informed person, had never heard about #XZutils attack but #Zetland have a very nice summary (in Danish, DeepL works well) so I'm sharing it again here
🎁

XZ Utils

#XZUtils 5.6.2 (stable) has been released ( #xz / #LZMAUtils / #LZMA / #LZMA2 / #DataCompression / #CVE / #CVE20243094) tukaani.org/xz/

XZ Utils

#XZUtils 5.4.7 (old stable) has been released ( #xz / #LZMAUtils / #LZMA / #LZMA2 / #DataCompression) tukaani.org/xz/

🗞Time to catch up on #cybersecurity headlines! The #supplychain attacks impacting #XZUtils operations has attracted major buzz this month. Get the deets on this story & more.

➕ Read up on #threatactor trends, #malware insights & top #CVEs this month. 👍 ⤵

cybersixgill.com/behind-the-h... #infosec

The Open Source Security Foundation and the OpenJS Foundation raise alarm bells: The attempt to insert a secret #backdoor into #XZUtils may not be an isolated incident. Stay vigilant in safeguarding open-source projects from potential security threats. #OpenSource #Security

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files Malicious "test files" linked to the XZ Utils backdoor found in popular Rust crate liblzma-sys, downloaded over 21,000 times.

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files
thehackernews.com/2024/04/popu...
#Infosec #Security #Cybersecurity #CeptBiro #Rust LiblzmaSys #XZUtils #Backdoor

Balbix Guide to XZ Utils Backdoor | Balbix XZ Utils is a collection of open-source command-line tools for lossless data compression, including XZ and LZMA. It is an upstream package for almost all Linux distributions.

Balbix Guide to XZ Utils Backdoor
www.balbix.com/blog/balbix-...
#Infosec #Security #Cybersecurity #CeptBiro #Balbix #Guide #XZUtils #Backdoor

Backdoor in XZ Utils That Almost Happened - Schneier on Security

Backdoor in XZ Utils That Almost Happened
schneier.com/blog/archive...
#Infosec #Security #Cybersecurity #CeptBiro #Backdoor #XZUtils #SchneierOnSecurity