I suppose this is a reference to the xz/liblzam situation with the malicious code that lead to ssh connectivity

https://hackaday.com/2024/03/29/security-alert-potential-ssh-backdoor-via-liblzma/