Tag

Removed Legitimate Software

Removed Legitimate Software

Removed Legitimate Software: How Attackers Exploit Trust

The Trojan Horse You Already Installed

In March 2024, a lone developer named Andres Freund noticed something odd: SSH connections were taking 500 milliseconds too long. That curiosity uncovered the XZ Utils backdoor — a sophisticated supply chain attack where a threat actor had spent two years building trust as a

Carl B. Johnson Dec 13, 2025 6 min read
Supply Chain Attacks

Removed Legitimate Apps? How Attackers Exploit Trust

When Trusted Software Becomes Your Biggest Threat

In March 2022, researchers confirmed that threat actors had compromised the update mechanism for Asus software, ultimately pushing malware to nearly a million machines. The attackers hadn't built anything from scratch. They had removed legitimate code from a trusted update pipeline

Carl B. Johnson Sep 22, 2022 6 min read
Removed Legitimate Software

Removed Legitimate Software: A Hidden Attack Vector

When Trusted Tools Become Trojan Horses

In April 2021, security researchers at Kaspersky documented a campaign where threat actors took software that had been legitimately removed from vendor websites — discontinued, deprecated, or pulled due to vulnerabilities — and repackaged it with embedded malware. The attackers then hosted these poisoned versions on

Carl B. Johnson Aug 08, 2021 7 min read