Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Apple Hide My Email Flaw Exposed Real User Email Addresses
July 1, 2026
Critical Fluentd Vulnerabilities Allow Remote Code Execution
July 1, 2026
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Home/Vulnerabilities/Critical Red Hat Polkit Flaw (CVE-2021-3560) Lets Attackers Gain Root Privileges
Vulnerabilities

Critical Red Hat Polkit Flaw (CVE-2021-3560) Lets Attackers Gain Root Privileges

Key Takeaways A sophisticated supply chain attack has injected malicious code into versions 5.6.0 and 5.6.1 of the xz compression utility. The vulnerability, tracked as CVE-2024-3094, allows...

Marcus Rodriguez
Marcus Rodriguez
March 27, 2026 3 Min Read
51 0

Key Takeaways

  • A sophisticated supply chain attack has injected malicious code into versions 5.6.0 and 5.6.1 of the xz compression utility.
  • The vulnerability, tracked as CVE-2024-3094, allows attackers to bypass authentication and gain unauthorized remote access to affected Linux systems via SSH.
  • Red Hat Enterprise Linux (RHEL) is unaffected, but Fedora Rawhide, Fedora Linux 40 beta, Debian unstable (Sid), and some openSUSE distributions are exposed.
  • Immediate action, including downgrading xz to a safe version (5.4.x), is critical to mitigate the risk.

Critical Supply Chain Attack Discovered in XZ Compression Utility

Red Hat has issued an urgent security alert concerning a highly sophisticated supply chain compromise found within recent iterations of the widely used “xz” compression tools and libraries. This malicious code injection, identified as CVE-2024-3094, could enable threat actors to circumvent authentication mechanisms and achieve unauthorized remote access to vulnerable Linux systems.

Table Of Content

  • Key Takeaways
  • Critical Supply Chain Attack Discovered in XZ Compression Utility
  • Stealthy Injection and Activation
  • Affected Linux Distributions
  • What You Should Do

The xz utility is a foundational component across nearly all commercial and community Linux distributions, primarily employed for compressing large files to facilitate efficient data transfer. Security researchers uncovered that malicious code was subtly embedded into versions 5.6.0 and 5.6.1 of this essential utility.

Stealthy Injection and Activation

Attackers employed advanced obfuscation techniques to conceal their activities. The malicious code is not directly visible within the primary Git repository. Instead, it is activated by a hidden M4 macro that is exclusively included in the full distribution download package. During the software build process, this concealed macro compiles secondary artifacts that subtly alter the library’s intended functionality.

Once deployed on a system, the compromised build directly interferes with the authentication processes of sshd through systemd. Secure Shell (SSH) is the industry-standard protocol for remote system administration. This interference grants malicious actors the ability to bypass authentication checks, thereby gaining complete and unauthorized remote access to the affected machine.

Affected Linux Distributions

Red Hat has confirmed that no versions of Red Hat Enterprise Linux (RHEL) are impacted by this vulnerability. Within the Red Hat ecosystem, the compromised packages are limited to Fedora Rawhide and the Fedora Linux 40 beta.

Users of Fedora Rawhide might have installed either version 5.6.0 or 5.6.1. Similarly, Fedora 40 beta environments were exposed to version 5.6.0 through recent update cycles. While Red Hat notes that the malicious code injection does not appear to have successfully executed in Fedora 40 builds, the mere presence of these compromised libraries still poses a significant security risk.

Beyond Red Hat, other community distributions are also confronting this threat. Evidence indicates that the injected code successfully built in Debian unstable (Sid) and several openSUSE distributions, necessitating broad vigilance across the Linux ecosystem.

What You Should Do

  • Immediate Downgrade: System administrators must urgently audit their infrastructure for xz versions 5.6.0 and 5.6.1 and replace them without delay. The recommended safe version is 5.4.x.
  • Fedora Rawhide Users: Red Hat strongly advises users to completely halt all usage of Fedora Rawhide instances for both work and personal activities until the system is fully reverted to the safe xz-5.4.x version.
  • Fedora Linux 40 Beta Users: An emergency update has been released to force a downgrade to the 5.4.x build. Apply this update immediately.
  • OpenSUSE and Debian Users: Consult your specific distribution maintainers for immediate downgrade procedures and updated packages.
  • Audit and Monitor: Actively audit your network infrastructure for any systems running the compromised xz versions and implement continuous monitoring for suspicious activity related to SSH authentication.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackBreachCVEMalwareSecurityThreatVulnerability

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Critical Citrix NetScaler, Gateway Flaws Let Remote Attackers Leak Data

Next Post

Critical Telnyx PyPI Package Compromised in TeamPCP Supply Chain Attack

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Citrix NetScaler ADC and Gateway Bugs Allow DoS, Memory Overflow
July 1, 2026
Critical Vulnerability in Windows Drivers Lets Attackers Disable Security Software
July 1, 2026
Automotive Manufacturer Boosts SOC Triage Speed, Closes Supplier Security Gap
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us