#linux backdoor
Text
me when updating nvidia drivers completely hard breaks my linux install. And even recovery mode can't save me.

on the bright side, I'm pretty sure my os isn't backdoored
#linux#linux desktop#real story#this is the year of the linux desktop#and i immediately reinstall linux again#stockholm syndrome#xz backdoor#the entire reason i updated my system in the first place was to make sure i wasn't backdoored aaaaaaaa
Text
if you use linux, UPDATE YOUR SYSTEM NOW
XZ got backdoored, specifically the release tarballs of version 5.6.0-1 and 5.6.1-1.
for more information on the status in your specific distro go to their website.
for more information on the backdoor itself, it's CVE-2024-3094
#linux#linuxserver#linux gaming#linuxposting#linuxuser#linux memes#important#xz#backdoor#cybersecurity
Text
Back door found in xz-utils packages.

Six hours ago on the day of this writing, malicious code was found in the xz-utils upstream packages. This allows an attacker to remotely compromise a system over ssh. Please take any advised security actions for your distribution of Linux.
Text
Kaspersky and pride
Kaspersky Labs is a cybersecurity firm with headquarters in Moscow.
Here's their technical analysis of the famous XZ backdoor that Andres Freund (of Microsoft) discovered back in March:
It's a fascinating chain of coding wizardry.
The big question is: who was "Jia Tan", the person or team who planted the backdoor? An article in The Economist (which has an anti-Russia bias) amplified speculation that it was Russia’s foreign-intelligence service (while admitting "the evidence is too weak to nail down a culprit").
The Economist article ends by quoting Michal Zalewski: “The bottom line is that we have untold trillions of dollars riding on top of code developed by hobbyists.”
As an open-source software developer, I get a weird thrill from news stories about FOSS, even when the stories are alarming. Not that I've ever worked on anything as crucial as XZ or Log4j, mind you! But seeing an obscure subject (which I care deeply about) getting public attention ... causes me to feel better about my hobby.
Pride. That's what I'm getting at.
It's the same feeling I felt when I saw a website URL on a billboard for the first time. This was in the mid-90s, when the World Wide Web was an obscure novelty that I happened to be studying. Seeing a company advertise its website validated my (professional) interest in HTTP servers.
#open source#software development#coding#computer security#xz#kaspersky#backdoor#linux#the economist#pride#my hobby
Text
tired of seeing that xz backdoor thing on my twitter... it was interesting at first and good to be aware of but somehow twitter for you page has decided it's the only topic i'm going to see for the next week -_-
#ended up in programmer/it twitter lol#i could just use the following tab but i usually don't mind the recommendations and i dont follow enough people there#kcat talks#for context: some linux thing had a backdoor worked into it slowly and they caught it bc one guy was microbenchmarking stuff#and noticed ssh stuff being .5 ms slow and using way too much processing power#so people are like 'woah thats crazy both that the exploit was there and that someone actually noticed it'#.5 sec not .5 ms lol
Text
Chinese APT Earth Lusca Adds SprySOCKs Backdoor to its Arsenal | Cyware Hacker News
A recently discovered Linux backdoor malware, named SprySOCKS, was observed in a cyberespionage campaign targeting government agencies in multiple countries. The campaign was attributed to the Chinese hacking group Earth Lusca.
More about SprySOCKS
In the campaign, the attackers used a Linux variant of the ELF injector called mandibule to drop SprySOCKS. The backdoor employs the ‘HP-Socket’…
Quote
The backdoor itself was added to the tool by one of its two main developers, who had spent three years making real and useful contributions and the past two being one of the two official maintainers. There is still the chance the account was compromised, but if it was, it was an extremely cautious takeover: the malicious code was added to the software periodically over a long period of time, with plausible explanations given every time, and when the final backdoored version was complete, the same user headed over to the developer site for one popular version of Linux to ask that it use the updated version as soon as possible since it supposedly fixed critical bugs. And it came so close to being public. The backdoored version was shipped in the beta versions of three different versions of Linux, and for two days, in the main release of one distribution, Kali Linux. When there, it allowed someone with the right private key to start a new encrypted connection and hijack the machine entirely. So how was it spotted? A single Microsoft developer was annoyed that a system was running slowly. That’s it. The developer, Andres Freund, was trying to uncover why a system running a beta version of Debian, a Linux distribution, was lagging when making encrypted connections. That lag was all of half a second, for logins. That’s it: before, it took Freund 0.3s to login, and after, it took 0.8s. That annoyance was enough to cause him to break out the metaphorical spanner and pull his system apart to find the cause of the problem.
TechScape: How one man stopped a potentially massive cyber-attack – by accident | Technology | The Guardian
Text
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Source: https://thehackernews.com/2025/04/rogue-npm-packages-mimic-telegram-bot.html
More info: https://socket.dev/blog/npm-malware-targets-telegram-bot-developers
Text
Accidentally Cursed myself
Decided to uninstall Microsoft 365 off of my computer because I don't use it, haven't used it in quite a while, and don't need to use any of the programs for it since I've found an alternative that's better... I'm gonna have to reinstall it because it's making my computer so slow!
I was doing it to make space on my computer since I'm never using that program again and windows doesn't like that. I've been learning how to program Linux and set up a bool so I can switch between windows and Linux if I ever needed Windows for something. Slowly working on not needing to use Windows again.
Especially with their instant need that Copilot must be on. That and I don't wanna move over to Win11. No thank you to that. Plus the backdoor security risk Copilot leaves is something that I really want to get away from. So getting all that figured out.
#microsoft 365#whyyyy#microsoft copilot is dumb#why the heck does uninstalling microsoft 365 make your computer so slow!?!?!#I've got no idea what else to tag#the fun of undoing an annoying problem#why must this be a problem? -_-#slow computer#need to undo what has been done annoyingly#copilot is dumb#copilot#microsoft copilot
Text
The malicious changes were submitted by JiaT75, one of the two main xz Utils developers with years of contributions to the project. “Given the activity over several weeks, the committer is either directly involved or there was some quite severe compromise of their system,” Freund wrote. “Unfortunately the latter looks like the less likely explanation, given they communicated on various lists about the ‘fixes’” provided in recent updates. Those updates and fixes can be found here, here, here, and here. On Thursday, someone using the developer's name took to a developer site for Ubuntu to ask that the backdoored version 5.6.1 be incorporated into production versions because it fixed bugs that caused a tool known as Valgrind to malfunction. “This could break build scripts and test pipelines that expect specific output from Valgrind in order to pass,” the person warned, from an account that was created the same day. One of the maintainers for Fedora said Friday that the same developer approached them in recent weeks to ask that Fedora 40, a beta release, incorporate one of the backdoored utility versions. “We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added),” the Ubuntu maintainer said. "He has been part of the xz project for two years, adding all sorts of binary test files, and with this level of sophistication, we would be suspicious of even older versions of xz until proven otherwise." Maintainers for xz Utils didn’t immediately respond to emails asking questions.
Text
The upstream xz repository and the xz tarballs have been backdoored.
At first I thought this was a compromise of debian's package, but it turns out to be upstream.
pray for your distro maintainers folks. if you use Linux then your distro's site should have steps to take to check if you're affected/etc
Text
Man, the XZ situation is wild.
So, apparently, a few days ago a MAJOR vulnerability was discovered in a VERY important Linux library. Now, you may not be using Linux as your daily driver, but your phone does. And most servers. So this is a big deal.
It turns out a couple of bad actors PRESSURED the author of the library into applying their updates. Because of course it's an unpaid open-source project by one guy. So, anyway, they pressured him by sending him a million e-mails with shit like "IF WE DON'T APPLY THIS UPDATE, THERE WILL BE NO PROGRESS ON THE PROJECT" until he acquiesced. And those updates are what introduced the backdoor to a LOT of systems.
And it was only discovered, because some dude working at Microsoft (yes, Microsoft uses Linux servers) noticed a 0.5 second delay. Which is amazing in its own right.
Honestly, it all just brings to light how much we rely on the unpaid work of volunteer enthusiasts and how much bad actors can take advantage of that.
Text
Close call
I'm glad the XZ Utils software back door was caught before it spread further: https://www.theverge.com/2024/4/2/24119342/xz-utils-linux-backdoor-attempt
#open source#software development#computer security#xz utils#backdoor#software engineering#news#linux#close call#github#crime#supply chain