Linux dodged a bullet. If the XZ exploit had gone undiscovered for only a few more weeks, millions of Linux systems would have been compromised with a backdoor.
We were lucky. But can we stay lucky?
The Open Source Security Foundation (OpenSSF) and the OpenJS Foundation revealed that a similar hacking attempt had targeted several JavaScript programs.