Researchers at the Qualys Threat Research Unit (TRU) have unearthed discovered a critical security flaw in OpenSSH's server (sshd) in glibc-based Linux systems.
Yes, targeted attacks like that definitely exist, most famously maybe the most recent pressure to merge a vulnerability to the xz library by actor “Jia Tan”:
That’s why there is a huge market for 0-day exploits.
Isn’t there attempts to sneak in vulnerabilities with new commits?
Yes, targeted attacks like that definitely exist, most famously maybe the most recent pressure to merge a vulnerability to the xz library by actor “Jia Tan”:
https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/