[$] AURpocalypse now: a look at the recent AUR attacks
Date:
Fri, 19 Jun 2026 14:40:59 +0000
Description:
The Arch User Repository (AUR) has
been subjected to a sustained attack recently. The attacker, or attackers, have
spun up a series of new accounts then used them to adopt orphaned
packages and push malicious updates that would install malware on users' systems.
It is unclear how many users were compromised in the attack, but the maintainers
were playing Whac-A-Mole for several days to respond to each newly compromised package. The project has turned
off the AUR's new-user registration , for now, but it is unclear what its long-term response will be or if the AUR can be secured without major changes to
its existing collaboration model.
======================================================================
Link to news story:
https://lwn.net/Articles/1077619/
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)