Open-source software supply chain attacks

xz backdoor

• https://boehs.org/node/everything-i-know-about-the-xz-backdoor
• https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/
• https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27

PyPI

https://arstechnica.com/security/2024/03/pypi-halted-new-users-and-projects-while-it-fended-off-supply-chain-attack/