Backdoor found in widely used Linux utility targets encrypted SSH connections
arstechnica.com
Malicious code planted in xz Utils has been circulating for more than a month.

Hopefully this does not affect you but if you are running something like Arch, OpenSUSE tumbleweed, Debian sid or Fedora Rawhide and use SSH for remote access you should do a full wipe.