Attacker Social-Engineered Backdoor Code Into XZ Utils

Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails.

https://www.darkreading.com/application-security/attacker-social-engineered-backdoor-code-into-xz-utils