A supply chain compromise was detected in xz libraries, affecting versions 5.6.0 and 5.6.1, which could allow unauthorized system access via sshd authentication.

The infiltration was traced to malicious code within the xz upstream tarballs.

Remediation efforts involve exposure detection, SSH access review, and downgrading to secure versions of XZ Utils.

The OX Active ASPM Platform is available to help identify applications at risk.

Contributors and security teams have been instrumental in uncovering and addressing this security threat.

Further assistance and updates are available from various providers and will be ongoing as the situation is monitored.