InfoSecBulletin Cybersecurity for mankind
Red Hat and the US cybersecurity agency CISA issued a warning on Good Friday about harmful code found in a widely used Linux tool.
CVE-2024-3094 is a security vulnerability in XZ Utils, a compression tool widely used in Linux distributions. Red Hat issued an advisory about the problem on Friday afternoon.
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
The Cybersecurity and Infrastructure Security Agency, with the open source community, is addressing reports of harmful code in XZ Utils versions 5.6.0 and 5.6.1 that could allow unauthorized access to systems.
“CISA recommends developers and users to downgrade XZ Utils to an uncompromised version—such as XZ Utils 5.4.6 Stable—hunt for any malicious activity and report any positive findings to CISA,” the agency said in a notice.
Red Hat’s security team discovered a vulnerability on Thursday in the latest version of XZ, which contained code designed for unauthorized access.
CISA did not give more details beyond its advisory. Red Hat did not reply to questions about the number of affected systems, who was responsible, or where most victims were.
Red Hat’s advisory notes in all caps that certain users should stop usage for work or personal activity “immediately” and provided links to updates that can be used to mitigate the vulnerability.
A hacker could exploit the vulnerability to remotely access the whole system.
“Current investigation indicates that the packages are only present in Fedora 41 and Fedora Rawhide within the Red Hat community ecosystem. No versions of Red Hat Enterprise Linux (RHEL) are affected,” Red Hat explained.
“Other distributions may also be affected. Users of other distributions should consult with their distributors for guidance. For both personal and business activities, immediately stop using Fedora 41 or Fedora Rawhide. If you are using an affected distribution in a business setting, we encourage you to contact your information security team for next steps.”
Andres Freund, a Microsoft engineer, discovered a problem this week, with researchers tracing back issues to March 26. Experts think it’s a complex attempt to attack open source supply chains, and many researchers are urgently looking to find where the malicious code came from.
Cybersecurity expert John Bambenek said it seems the library at issue “tends to be installed by default on modern Linux distributions so organizations should immediately prioritize downgrading the package until a safe update is released, even if they don’t use the tools themselves.”
