I'm surprised to see that no one has mentioned this on PLUG yet, though it's been flying around the rest of the tech sphere on the internet pretty heavily over the last week. I will share it here in case any list member hasn't seen it yet elsewhere and if anyone is interested in this subject.
The short version is, someone (potentially many someones) attempted to insert malicious code into the Linux pipeline which would have resulted in them being able to log in to any system running that code without authorization. The attempt was caught before it reached any major level of distribution and stopped, but the fact that it even got that far is alarming. Here is a NYT article covering the sequence of events in a pretty approachable way: https://www.nytimes.com/2024/04/03/technology/prevent-cyberattack-linux.html And for those who do not feel motivated to create an account on the NYT website: https://archive.ph/tc9bN Keith's email is broken, so he asked me to pass this along to the list. -wes