A backdoored version of XZ or liblzma is vulnerable to CVE-2024-3094

Panther Rules

Summary
This detection rule identifies vulnerable versions of the XZ and liblzma libraries on Linux and macOS systems. Specifically, it targets versions 5.6.0 and 5.6.1 of both XZ and liblzma, which contain the backdoor tracked as CVE-2024-3094. The detection relies on Osquery's differential logs, focusing on recently added packages whose reported version falls in the vulnerable range. Users must enable Osquery's vulnerability management pack for this rule to receive the package data it needs, allowing proactive detection of and response to this supply chain threat. Recommendations include upgrading or downgrading to secure versions based on the vulnerabilities identified.
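One way to express the check described above as a Panther-style Python rule, as an added illustrative example rather than the rule's own source: the package name list, the query names and host identifiers in the sample log lines, and the distro-style version suffixes are all assumptions constructed for the example.

```python
import json
import re

# Package names under which xz / liblzma ship on common Linux distros and
# Homebrew (assumption: this list is illustrative, not the rule's own).
XZ_PACKAGE_NAMES = {"xz", "xz-utils", "xz-libs", "xz-devel", "liblzma", "liblzma5"}

# CVE-2024-3094 affects upstream releases 5.6.0 and 5.6.1. Distro package
# versions carry suffixes (e.g. "5.6.1-1"), so match the prefix but require a
# non-digit boundary so that a hypothetical 5.6.10 is not flagged.
VULNERABLE_VERSION = re.compile(r"^5\.6\.[01](?![0-9])")


def is_vulnerable_version(version: str) -> bool:
    return bool(VULNERABLE_VERSION.match(version or ""))


def rule(event: dict) -> bool:
    """Fire on an osquery differential result reporting a newly added
    xz/liblzma package at a backdoored version. Removals are ignored."""
    if event.get("action") != "added":
        return False
    columns = event.get("columns") or {}
    name = (columns.get("name") or "").lower()
    return name in XZ_PACKAGE_NAMES and is_vulnerable_version(columns.get("version", ""))


def title(event: dict) -> str:
    columns = event.get("columns") or {}
    return (
        f"Backdoored xz/liblzma {columns.get('version')} ({columns.get('name')}) "
        f"installed on {event.get('hostIdentifier')} (CVE-2024-3094)"
    )


# Constructed sample osquery differential log lines (not real telemetry).
SAMPLE_LOG_LINES = [
    '{"name":"pack_vuln-management_deb_packages","hostIdentifier":"build-01","action":"added","columns":{"name":"liblzma5","version":"5.6.1-1"}}',
    '{"name":"pack_vuln-management_rpm_packages","hostIdentifier":"ci-02","action":"added","columns":{"name":"xz-libs","version":"5.4.6-1.fc39"}}',
    '{"name":"pack_vuln-management_homebrew_packages","hostIdentifier":"mac-03","action":"added","columns":{"name":"xz","version":"5.6.0"}}',
    '{"name":"pack_vuln-management_deb_packages","hostIdentifier":"build-01","action":"removed","columns":{"name":"liblzma5","version":"5.6.1-1"}}',
]


def scan(lines):
    """Return alert titles for the log lines on which the rule fires."""
    return [title(e) for e in map(json.loads, lines) if rule(e)]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG_LINES):
        print(alert)
```

Running it on the constructed lines yields two alerts (the Debian liblzma5 5.6.1 install and the Homebrew xz 5.6.0 install); the 5.4.6 package and the removal event do not fire.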
Categories
  • Linux
  • macOS
  • Cloud
Data Sources
  • Script
  • Application Log
  • File
ATT&CK Techniques
  • T1195.001
Created: 2024-04-02