1. Forum
  2. MicroNet
  3. MIN COMP

  • [$] AURpocalypse now: a look at the recent AUR attacks

    From LWN.net@618:250/24 to All on Sat Jun 20 06:40:08 2026

    The Arch User Repository (AUR) has
    been subjected to a sustained attack recently. The attacker, or attackers, have spun up a series of new accounts then used them to adopt orphaned
    packages and push malicious updates that would install malware on users' systems.
    It is unclear how many users were compromised in the attack, but the maintainers
    were playing Whac-A-Mole for several days to respond to each newly compromised package. The project has turned
    off the AUR's new-user registration, for now, but it is unclear what its long-term response will be or if the AUR can be secured without major changes to
    its existing collaboration model.

    https://lwn.net/Articles/1077619/
    --- SBBSecho 3.37-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)