A critical vulnerability (CVE-2024-3094) has been identified in XZ Utils versions 5.6.0 and 5.6.1. This data compression utility is widely used in many operating systems, primarily Linux distributions. The vulnerability introduces a backdoor, potentially granting malicious actors full remote control of affected systems. Immediate action is required. XZ Utils is a command-line tool on Unix-like operating systems for file compression and decompression. It also includes a library (liblzma) that other software can use. The backdoor was discovered by a PostgreSQL developer at Microsoft. As of March 30, 2024, there's no evidence of active exploitation, but the situation is evolving.

LockBit remains a highly active and sophisticated ransomware threat, targeting various critical infrastructure sectors globally. This updated advisory incorporates recent developments in LockBit's activities, including new victim profiles, evolving Tactics, Techniques, and Procedures (TTPs), and exploited vulnerabilities. By understanding these updates, organizations can strengthen their defenses and respond effectively if targeted.