Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks
Aug 12, 2025
Malware / Container Security
New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident.

More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection further in a transitive manner, Binarly REsearch said in a report shared with The Hacker News.

The firmware security company said it discovered a total of 35 images that ship with the backdoor. The incident once again highlights the risks faced by the software supply chain.

Binarly's Alex Matrosov told the publication that the investigation was prompted after it detected malicious code in one of its customers' environments, ultimately finding that the images had been pulled from Docker Hub.

The XZ Utils supply chain event (CVE-2024-3094, CVSS score: 10.0) came to light in late March 2024, when Andres Freund sounded the alarm on a backdoor embedded within XZ Utils versions 5.6.0 and 5...