Mastodon Feed: Post

fribbledom ("muesli") wrote:

Heads up #ArchLinux users!

The "Atomic Arch" supply chain attack (June 9-12) compromised 400-1,500+ AUR packages with an infostealer & eBPF rootkit targeting credentials, browser data, and CI/CD secrets.

Attackers quietly adopted orphaned AUR packages and slipped in malicious PKGBUILDs. The community is actively cleaning up, but now's the time to act.

See also: https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/FGXPCB3ZVCJIV7FX323SBAX2JHYB7ZS4/