TL;DR there was a backdoor found in the XZ program. All major distros have been updated but it is recommended that you do a fresh install on systems that are exposed to the internet and that had the bad version of the program. Only upstream distros were affected.
“Regular user” seems to be a strange counter to all the people I just listed that would be affected here. I’m not worried about myself, I’m worried about the people whose privacy and security is extremely important in this context.