As of the information we have currently, the following is true. Should more information come to light, we will continue to keep this situation updated.

The xz package, starting from versions 5.6.0 to 5.6.1, was found to contain a backdoor. This backdoor could potentially allow a malicious actor to compromise sshd authentication, granting unauthorized access to the entire system remotely. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today to address this issue. However, if you did not update your Kali installation before the 26th, you are not affected by this backdoor vulnerability.

More information can be found at https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/ and https://www.openwall.com/lists/oss-security/2024/03/29/4

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) - Help Net Security

A vulnerability (CVE-2024-3094) in XZ Utils may enable a malicious actor to gain unauthorized access to Linux systems remotely.

^{Zeljka Zorz (Help Net Security)}