A sophisticated software supply chain attack targeting the open-source community has been uncovered, revealing a years-long effort to compromise Linux distributions such as Debian and Red Hat. The breach, described as a "nightmare scenario" by experts, traces back to a contributor who made suspicious changes to the libarchive project in 2021, replacing the safe_fprintf function with a less secure variant; the change went unnoticed at the time. The attack, which could have been disastrous for the IT industry and its customers, aimed to embed malicious code into software that runs on nearly all publicly accessible internet servers. The backdoored package, xz, is used in nearly every Linux distribution, and its discovery came just days after ENISA announced software supply chain attacks as the top cybersecurity threat for the next five years. Further investigation suggests that nation-state hackers could be behind this meticulously planned operation.
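The libarchive change mentioned above matters because archive entry names are attacker-controlled input that ends up on the user's terminal: a raw `fprintf` passes escape sequences and control bytes straight through, whereas a sanitising printer rewrites them. The following is an added illustration written for this page, not libarchive's own code, and the function names (`sanitize_for_terminal`, `safe_fprint_name`, `unsafe_fprint_name`, `contains_control_bytes`) and the sample file name are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not libarchive's code): a sanitising print helper in the
 * spirit of a safe_fprintf(). Every byte outside printable ASCII, plus the
 * backslash itself so output stays unambiguous, is rewritten as \xNN.
 * Returns the number of bytes written to out (excluding the NUL terminator);
 * out is always NUL-terminated, and output is truncated rather than overrun. */
size_t sanitize_for_terminal(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t n = 0;
    if (outlen == 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        if (*p >= 0x20 && *p < 0x7f && *p != '\\') {
            if (n + 1 >= outlen)
                break;                      /* keep room for the NUL */
            out[n++] = (char)*p;
        } else {
            if (n + 4 >= outlen)
                break;                      /* escape needs 4 bytes + NUL */
            out[n++] = '\\';
            out[n++] = 'x';
            out[n++] = hex[*p >> 4];
            out[n++] = hex[*p & 0x0f];
        }
    }
    out[n] = '\0';
    return n;
}

/* The "safe" path: sanitise first, then print. */
int safe_fprint_name(FILE *f, const char *name)
{
    char buf[512];
    sanitize_for_terminal(name, buf, sizeof buf);
    return fprintf(f, "%s\n", buf);
}

/* The "less secure" path the page describes: raw bytes reach the terminal,
 * so an entry name can carry ANSI sequences that the terminal will act on. */
int unsafe_fprint_name(FILE *f, const char *name)
{
    return fprintf(f, "%s\n", name);
}

/* Check used to demonstrate the difference: does the string still contain
 * any byte a terminal would interpret (control characters or non-ASCII)? */
int contains_control_bytes(const char *s)
{
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        if (*p < 0x20 || *p >= 0x7f)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: a file name carrying ESC[2J ESC[H, which clears
     * the screen and homes the cursor on a typical terminal. */
    const char *evil = "report.txt\x1b[2J\x1b[H";
    char buf[64];

    sanitize_for_terminal(evil, buf, sizeof buf);
    printf("sanitised : %s\n", buf);
    printf("raw name has control bytes: %d, sanitised has: %d\n",
           contains_control_bytes(evil), contains_control_bytes(buf));
    safe_fprint_name(stdout, evil);
    return 0;
}
```

The point of the example is the review heuristic, not the helper itself: a commit that swaps a sanitising output function for its raw counterpart removes a security property without touching any obviously security-labelled code, which is exactly why such a change can slip through review.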
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code. https://t.co/cSo0Or46Ic
Malicious code embedded deep in a piece of software that runs on virtually all publicly accessible internet servers would have served as a “master key” for attackers to steal encrypted data. The most interesting part of the story is how it got there https://t.co/QZmqweA6LD 👇
Software supply chain attacks are now the top cybersecurity threat for the next five years. This announcement was made by ENISA just days prior to the accidental discovery of a backdoored package (xz) used in nearly every Linux distribution. Very prescient https://t.co/w5UqUuYUcB