Executive Overview In late March 2024, the global cybersecurity and open-source software communities were confronted with a watershed event: the discovery of a highly sophisticated, multi-year supply chain compromise targeting the XZ Utils compression library. Tracked under the Common Vulnerabilities and Exposures identifier CVE-2024-3094, this vulnerability was immediately assigned a maximum Common Vulnerability Scoring System (CVSS) score of 10.0, reflecting its critical se