July 01, 2026
Security
The XZ Backdoor: What CVE-2024-3094 Taught Us About Supply-Chain Trust
A backdoor that nearly shipped into every major Linux distribution lived in release tarballs and build-test files, not the source code anyone was reading. Here's the anatomy of the attack, the multi-year social engineering behind it, and what it means for how we trust open source.
Read More →
13 min read