CVE-2024-3094

Published Mar 29, 2024

Last updated 9 months ago

CVSS critical 10.0
SSH
Cloud
Container Security
System
Supply chain
Port (22)

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-3094 refers to a supply chain compromise discovered in versions 5.6.0 and 5.6.1 of XZ Utils, a widely used data compression software found in major Linux distributions. Malicious code was surreptitiously introduced into the upstream tarballs of XZ Utils. Through a series of complex obfuscations, the build process for the `liblzma` library (a core component of XZ Utils) extracts a prebuilt object file from a disguised test file within the source code. This object file then modifies specific functions within the `liblzma` code. This modification results in a compromised `liblzma` library that can be leveraged by any software linked against it. Specifically, the malicious code targets the OpenSSH server (SSHD) process, allowing a remote attacker with a specific private key to send arbitrary payloads that are executed before the authentication step, potentially leading to unauthorized remote code execution. The vulnerability was discovered on March 28, 2024, by Andres Freund, who noticed unusual CPU usage and errors related to `liblzma` during SSH logins.
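A host triage check for the condition described above, as an added example that is not part of the advisory: it flags `liblzma` 5.6.0/5.6.1 and reports whether `sshd` loads the library. The function names, the sample command outputs (constructed) and the handling of Debian's `+really` revert version naming are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a host for CVE-2024-3094.

# Map a package or upstream version string to affected | not-affected | unknown.
classify_xz_version() {
    c_v="${1#*:}"                            # drop a distro epoch such as "1:"
    case "$c_v" in
        *+really*) c_v="${c_v##*+really}" ;; # revert naming: real version follows "+really"
    esac
    c_v="${c_v%%[-+~]*}"                     # drop packaging revision suffixes
    case "$c_v" in
        5.6.0|5.6.1)          echo affected ;;
        [0-9]*.[0-9]*.[0-9]*) echo not-affected ;;
        *)                    echo unknown ;;
    esac
}

# Pull the liblzma version out of `xz --version` output.
liblzma_version_from() {
    printf '%s\n' "$1" | awk '$1 == "liblzma" { print $2; exit }'
}

# Succeeds when the given `ldd` output lists liblzma as a loaded library.
sshd_loads_liblzma() {
    printf '%s\n' "$1" | grep -q 'liblzma\.so'
}

# $1 = `xz --version` output, $2 = `ldd /path/to/sshd` output
triage() {
    t_ver=$(liblzma_version_from "$1")
    t_state=$(classify_xz_version "$t_ver")
    if [ "$t_state" = affected ] && sshd_loads_liblzma "$2"; then
        echo "EXPOSED liblzma=$t_ver loaded by sshd"
    elif [ "$t_state" = affected ]; then
        echo "AFFECTED-LIBRARY liblzma=$t_ver (sshd does not load it)"
    else
        echo "$t_state liblzma=${t_ver:-?}"
    fi
}

# Constructed sample outputs so the logic can be exercised offline.
SAMPLE_XZ_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_XZ_OK='xz (XZ Utils) 5.4.5
liblzma 5.4.5'
SAMPLE_LDD='    libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f0000000000)
    liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0000100000)'

# Live check of the current host; the sshd fallback path is an assumption.
scan_host() {
    s_bin=$(command -v sshd || echo /usr/sbin/sshd)
    triage "$(xz --version 2>/dev/null)" "$(ldd "$s_bin" 2>/dev/null)"
}

if [ "${1:-}" = "--scan" ]; then
    scan_host
else
    triage "$SAMPLE_XZ_BAD" "$SAMPLE_LDD"
    triage "$SAMPLE_XZ_OK" "$SAMPLE_LDD"
fi
```

Run with `--scan` to check the local host instead of the samples. An affected library that `sshd` does not load is still reported, because the modified `liblzma` can be used by any software linked against it.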

Description
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Source
secalert@redhat.com
NVD status
Modified
Products
xz

Insights

Analysis from the Intruder Security Team
Published Oct 15, 2024

The attack is believed to be a nation-state level attack, and only the rogue developer and groups with which the compromised key has been shared would be able to gain access. As such, it is not likely to be widely exploited.

More information is available in our blog post here.

Risk scores

CVSS 3.1

Type
Primary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

secalert@redhat.com
CWE-506

Social media

Hype score
Not currently trending
  1. Red Hat Warns of Backdoored Linux Tool: CVE-2024-3094 Puts Systems at Risk https://t.co/Um5UGUcy7e

    @osourcenews

    15 Apr 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. More than 500k SSH servers could have been exposed to potential privileged remote code execution (RCE) due to the CVE-2024-3094 vulnerability in xz Utils. This vulnerability was intentionally inserted by an attacker in versions 5.6.0 and 5.6.1 of

    @BotBauR

    8 Apr 2026

    41 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  3. CVE-2024-3094 Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations ... https://t.co/TPe3c2PGmv https://t.co/LkNv7HQ5yv

    @CVEradars

    2 Apr 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Threat Alert: *Supply Chain Attacks Targeting DevSecOps Tools (2024‑2026)* 📅 Date: 2024-03-28 to 2026-03-24 📆 Timeline: - 2024-03-28: XZ Utils backdoor discovered (CVE-2024-3094). - 2025-03-14: reviewdog/action-setup compromise → tj-actions/changed-files; memory-

    @syedaquib77

    1 Apr 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. NEW THREAT INTEL: 36-Month Supply Chain Campaign - CVE-2024-3094, CVE-2025-30066, CVE-2025-30154 targeting DevSecOps tools. 9 detections, 25 IOCs. https://t.co/zzfpPPRubl #ThreatIntel #CyberSecurity #SupplyChain https://t.co/v6VlWmFXLa

    @threadlinqs

    1 Apr 2026

    188 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

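  6. https://t.co/feGsMWjZiq A report on the XZ Utils backdoor issue (CVE-2024-3094) in Linux-based operating systems. It is a critical issue that allows unauthorized remote access. If you are using an affected version, immediately update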

    @Anti_Ch_PCgc

    1 Apr 2026

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Critical Alert: Malicious code found in 'xz' compression tool (CVE-2024-3094) allows unauthorized remote access to Linux systems. Immediate action required! Link: https://t.co/utFPJ66waV #Security #Linux #CVE #Alert #Threat #Vulnerability #Patch #Update #System #Attack #Exploit h

    @dailytechonx

    28 Mar 2026

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 📌 Red Hat warning about malware embedded in a popular Linux tool that allows unauthorized access to systems. Red Hat issued a critical security warning about the discovery of sophisticated malicious code embedded in

    @MisbarSec

    27 Mar 2026

    232 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. BREAKING: Red Hat warns CVE-2024-3094 malware in xz compression utility enables remote unauthenticated access to Linux systems in sophisticated supply chain attack. https://t.co/5aehiddZVP

    @threatcluster

    27 Mar 2026

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. It's CVE-2024-3094, and I shared it because it was a newly posted article, but there was nothing new in it at all, so I deleted it

    @yousukezan

    27 Mar 2026

    874 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 𝐍𝐞𝐰 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐚𝐧𝐚𝐥𝐲𝐬𝐢𝐬 𝐩𝐮𝐛𝐥𝐢𝐬𝐡𝐞𝐝! Uncover how CVE-2024-3094 in XZ Utils triggered a national police outreach and why supply-chain risk monitoring is critical for proactive

    @PurpleOps_io

    26 Mar 2026

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

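  12. I was just wondering whether security topics could be explained in an entertaining way, and then I found an interesting video. I'm guessing it is probably based on CVE-2024-3094, and it is well put together. https://t.co/wHewFyLBn7 The closing at the end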

    @mikekousyaku

    20 Mar 2026

    108 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Jia Tan, a ghost almost backdoored the entire internet. CVE-2024-3094. Severity 10. Then vanished forever. Now he's a coin. And he brought a game. https://t.co/bDIVd06kjQ

    @abanonded

    15 Mar 2026

    3 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    2 Replies

    0 Quotes

  14. An investigation into the XZ Utils backdoor (CVE-2024-3094), detailing Jia Tan's multi-year social engineering campaign and the technical infiltration of Linux. #CyberSecurity #Linux #XZBackdoor #OpenSource #TechThriller https://t.co/H1TBvADPou

    @galvin_8386

    12 Mar 2026

    5 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Top 5 Trending CVEs: 1 - CVE-2024-3094 2 - CVE-2025-43300 3 - CVE-2026-2796 4 - CVE-2026-1602 5 - CVE-2025-11411 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    11 Mar 2026

    224 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. The XZ Utils backdoor (officially tracked as CVE-2024-3094) refers to one of the most serious supply-chain attacks discovered in open-source software in recent years. Andres Freund noticed strange performance issues and delays in sshd login attempts while t https://t.co/jUQxSl5WeX

    @Patrick12131682

    10 Mar 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. A Microsoft engineer noticed ssh was 500ms slower than usual. That lag just saved the entire Linux ecosystem from a state-sponsored backdoor. Here's how CVE-2024-3094 nearly pwned every SSH server on earth. 🧵 https://t.co/2krl4iRZN9

    @emredogancloud

    9 Mar 2026

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. The news passed quietly: a Microsoft engineer noticed a 500ms delay in SSH and so discovered a backdoor in XZ Utils. The CVE-2024-3094 vulnerability, from a supply chain attack planned over two years, could have taken control of the world's servers.

    @Ibn_al_Mundhir

    4 Mar 2026

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Day 31: Today I dove into CVE-2024-3094, the infamous XZ Utils backdoor. 🛡️💻 This wasn't just a bug; it was a multi-year "long con" supply chain attack that nearly broke the internet. Here’s what I learned: 🧵 #infosec #XZUtils

    @dheeraditya1

    28 Feb 2026

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. Do you know the story behind CVE-2024-3094? In 2024, a backdoor hidden inside the XZ compression library nearly turned Linux’s most reliable component, OpenSSH, into a universal master key for millions of servers. https://t.co/7fUKhu6ziF #CyberSecurity #Linux #OpenSource #SupplyCha

    @cloudarcio

    27 Feb 2026

    6 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Just watched the @veritasium Youtube video on the XZ Utils backdoor (CVE-2024-3094). In 2024, while everyone was hyped about AI, a years-long "long con" almost crippled the global Linux ecosystem. It’s terrifying how close we came to a total security meltdown. 👇

    @SaikatMondal021

    26 Feb 2026

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  22. I remember checking VMs & build boxes for this backdoor. (screenshot from @veritasium vid). XZ Utils Backdoor (CVE-2024-3094) is a critical supply-chain vulnerability discovered in the widely used Linux compression library xz (specifically versions 5.6.0 and 5.6.1). This ht

    @oblivion314159

    26 Feb 2026

    184 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  23. 🚨 CVE-2024-3094 : XZ UTILS SUPPLY CHAIN BACKDOOR AUTHENTICATION BYPASS ALERT 🚨 XZ Utils A critical unauthenticated backdoor has been discovered in XZ Utils liblzma library, allowing attackers to bypass OpenSSH authentication and gain root-level access via a malicious suppl

    @OstorlabSec

    9 Feb 2026

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🔓 CVE-2024-3094: the backdoor in XZ Utils nearly compromised the entire Linux SSH infrastructure. A maintainer planted malicious code for YEARS until it was discovered by accident. Supply chain attacks are the new normal. Do you audit your dependencies? #infosec #cybersecurity

    @colapsodigital

    7 Feb 2026

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Automated multi-VM cyber-range using Ludus deploys GOAD and XZbot labs with Elastic Agent for detection validation against live CVE-2024-3094 backdoor attacks. AI-driven hunting via Elastic SIEM/XDR enhances forensics. #GOADLabs #AIHunting https://t.co/IeYDJ05Tpl

    @TweetThreatNews

    7 Feb 2026

    179 Impressions

    0 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  26. Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2026-20805 3 - CVE-2024-3094 4 - CVE-2024-1234 5 - CVE-2010-5139 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    3 Feb 2026

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. The #xz (CVE-2024-3094) is a perfect example of a #supplychainattack. We have a short explainer on the blog on how our Anchore Enterprise customers and OSS #Syft users can immediately report on it. https://t.co/mkCUEv3kZx https://t.co/vs5tNBAlfO

    @anchore

    12 Jan 2026

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    7 Jan 2026

    211 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    21 Dec 2025

    134 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    4 Dec 2025

    233 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  31. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    17 Nov 2025

    56 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 📢 𝐍𝐞𝐰 𝐂𝐕𝐄 𝐚𝐧𝐚𝐥𝐲𝐬𝐢𝐬 𝐣𝐮𝐬𝐭 𝐝𝐫𝐨𝐩𝐩𝐞𝐝! CVE-2024-3094 exposes a critical backdoor in Linux tools. Uncover how threat intelligence and supply-chain monitoring fight this hidden threat. 🌐 Explore the write-u

    @PurpleOps_io

    2 Nov 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    31 Oct 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 📢 𝐇𝐨𝐭 𝐨𝐟𝐟 𝐭𝐡𝐞 𝐩𝐫𝐞𝐬𝐬: 𝐂𝐕𝐄 𝐢𝐧𝐬𝐢𝐠𝐡𝐭𝐬! Discover how CVE-2024-3094 silently compromised SSH across major Linux systems and learn how to defend with real threat intel and supply chain monitoring. 📖 Check

    @PurpleOps_io

    19 Oct 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    14 Oct 2025

    108 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. 🚨 𝐅𝐫𝐞𝐬𝐡 𝐂𝐕𝐄 𝐚𝐥𝐞𝐫𝐭 𝐣𝐮𝐬𝐭 𝐢𝐧! Learn how CVE-2024-3094 silently compromised XZ Utils in a high-stakes supply-chain backdoor threat-and what your team must do now. 🔗 Read the full breakdown → https://t.co/7GfWiDlpVk Jo

    @PurpleOps_io

    5 Oct 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    27 Sept 2025

    120 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    9 Sept 2025

    140 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  39. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    23 Aug 2025

    156 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 35+ Docker Hub images still have XZ-Utils backdoor (CVE-2024-3094), letting attackers bypass SSH auth & run commands as root. Debian keeps backdoored images for archival reasons. Check containers for XZ-Utils 5.6.2+ to avoid this risk in CI/CD pipelines. #Cyber

    @bigmacd16684

    20 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

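  41. The XZ-Utils backdoor (CVE-2024-3094), which came to light in March 2024, remains in at least 35 images on Docker Hub. Reported by Binarly. One of the providers is Debian, but Debian considers the risk low and, as for making the images private,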

    @__kokumoto

    12 Aug 2025

    1116 Impressions

    3 Retweets

    8 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  42. [Supply chain attack remnants] The XZ-Utils backdoor (CVE-2024-3094), discovered in March 2024, Docker

    @nakajimeeee

    12 Aug 2025

    347 Impressions

    0 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  43. The XZ-Utils backdoor (CVE-2024-3094) still exists in many Linux images on Docker Hub, including Debian’s, enabling root access via SSH bypass. Upgrade to version 5.6 to mitigate risk. #DockerSecurity #LinuxImages #Debian https://t.co/4hS7y4nTLO

    @TweetThreatNews

    12 Aug 2025

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. ⚠️ What is the #xz utilz impact? @Josh Bressers, our VP of Security, deep dives on CVE-2024-3094 and what to do today: https://t.co/mkCUEv3kZx #opensource https://t.co/0US6CoGGTD

    @anchore

    9 Aug 2025

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    6 Aug 2025

    103 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    20 Jul 2025

    177 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  47. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    3 Jul 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    16 Jun 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    30 May 2025

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    13 May 2025

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.