The Arch Linux security team has disabled new account registrations for the Arch User Repository (AUR) following a large-scale supply chain compromise. Attackers hijacked or created over 1,500 community-maintained packages to deliver malicious payloads, including information stealers and eBPF-based rootkits. While the community-driven AUR was heavily targeted, the official core repositories remained unaffected due to their more stringent review processes. <a href="

Read the original article