Interesting note on the #xz backdoor:
If you plot Jia Tan's commit history over time, the cluster of offending commits occurs at an unusual time compared to the rest of their activity.
If the dev was pwned, it could be a sign that the threat actor contributed in their own timezone.
CrowdStrike Analysis:
It was a NULL pointer from the memory-unsafe C++ language.
Since I am a professional C++ programmer, let me decode this stack trace dump for you.