All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.
First reported by Hacker News
Over 400 AUR Packages Compromised with Infostealer and Rootkit by Malicious Maintainer

Arch Linux AUR Malware Incident: Over 1,500 Packages Compromised, Now Under Control

By

Written by Michael Larabel in Arch Linux on 12 June 2026 at 08:55 PM EDT. 37 Comments

7h ago· 2 min readenNews
Bagel score 70 of 100
70/100
Toasty
Bagelometer

Crusty in the right places. Worth the chew.

Score70TypenewsSentimentnegative

Summary

Arch Linux's AUR (user-contributed repository) experienced a major malware incident that started with over 400 compromised packages and escalated to more than 1,500 affected packages by the end of the day. The Arch Linux team believes all affected commits have now been addressed and the situation is under control.

Key quotes

· 3 pulled
The day started out with Arch Linux's AUR user-contributed repository seeing more than 400 packages compromised with malware.
Now in ending out the day they believe all affected commits have been addressed.
But it ended up being more than 1,500 affected packages.
Snippet from the RSS feed
The day started out with Arch Linux's AUR user-contributed repository seeing more than 400 packages compromised with malware

You might also wanna read

Over 400 Arch Linux AUR Packages Compromised in Malware Campaign

A large-scale malware campaign compromised over 400 user-supplied packages in the Arch Linux User Repository (AUR). Arch Linux maintainers h

buff.ly·1d ago

Arch Linux AUR hit by wave of malware-infected package descriptions

The Arch User Repository (AUR) is experiencing a large-scale attack where malicious actors have taken over hundreds of orphaned package desc

heise.de·1d ago

Red Hat removes 32 compromised packages after GitHub account breach led to malware distribution

Red Hat removed 32 compromised packages from its software distribution pipeline after attackers used a stolen GitHub account to push credent

therecord.media·9d ago

Attacker publishes 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

A single npm user published 14 malicious packages over four hours, impersonating popular OpenSearch, Elasticsearch, DevOps, and environment-

briefly.co·14d ago

Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse

theregister.com·13d ago

Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse

theregister.com·13d ago

Red Hat npm supply chain attack compromises 32 packages with credential-stealing malware

A supply chain attack targeted Red Hat's npm namespace (@redhat-cloud-services), with 96 compromised versions across 32 packages backdoored

briefly.co·10d ago