On Friday March 29, Microsoft employee Andres Freund shared that he had found odd symptoms in the xz package on Debian installations. Freund noticed that ssh login was requiring a lot of CPU and decided to investigate leading to the discovery.
The vulnerability has received the maximum security ratings with a CVS score of 10 and a Red Hat Product Security critical impact rating.
Security researchers have observed a highly sophisticated phishing campaign targeting employees of the US Federal Communications Commission (FCC), as well as popular crypto exchanges Binance, Coinbase, Kraken, and Gemini.
The as-yet-unidentified threat actor is going after people’s login credentials for Okta, researchers from Lookout found.