The Crazy Years

xz backdoor in the news the past few days - the gist of it is that it can (seemingly) break SSH authentication.

Hacker News thread (one of many): XZ backdoor: “It’s RCE, not auth bypass, and gated/unreplayable.” | Hacker News (ycombinator.com)

Easy to read explainer, focused on the Jia Tan persona associated with the whole situation: Everything I know about the XZ backdoor (boehs.org)

It’s interesting to reflect on the fact that open source is at the center of a lot of commercial systems. The story reads a bit like a movie plot - remember Cliff Stoll’s Cuckoo’s Egg?

EDIT: This is a classic and a timeless read. Dates back to 1984. Follow-up from 2023 here
