From thehackernews.com
Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project’s maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers.
Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build infrastructure—that surprisingly persisted into various releases of Webmin (1.882 through 1.921) and eventually remained hidden for over a year.