Arch Linux AUR Locked Down After Malicious Package Wave
🟠 High | Source: The Register — Security

Arch Linux has temporarily frozen new account registrations on the Arch User Repository (AUR) after attackers submitted a wave of malicious package updates designed to compromise systems that install from the community-maintained repository. AUR packages are not officially vetted, making them a high-value target for supply chain attacks. This incident highlights the ongoing risk of depending on community repositories in build pipelines and development environments. ...