Topic description: "Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0 ..."
"On the one hand, it's backdoored software, so "exploitation" could arguably have already occurred (in the form of an already executed supply chain attack) ..."