Attackers hijacked over 1,500 Arch Linux packages to steal developers’ secrets, no hacking required (opens in new tab)

One of the largest open-source package repositories just spent a weekend cleaning up after a malware campaign that did not break into anything. It did not need to. Attackers seized control of more than 1,500 packages in the Arch User Repository, or AUR, the community-run software collection that sits alongside Arch Linux’s official repositories, and […] at The Next Web