Tag
The Arch User Repository (AUR) has been under sustained attack, with attackers creating new accounts to adopt orphaned packages and push malicious updates. The project has temporarily disabled new-user registration, but long-term security solutions remain unclear.
yay v13 introduces Lua hooks for extensibility and displays PKGBUILD last modification time to help users review packages more carefully, responding to the AURpocalypse incident.
Malicious packages in the Arch Linux AUR have been found inserting Russian spam into users' shell configuration files, prompting a cleanup effort by maintainers.
Arch Linux developers have contained a malware incident in the AUR user-contributed repository, deleting malicious commits affecting over 1,500 packages.
Security compromise of Arch User Repository (AUR) packages with infostealer and rootkit malware, posing a significant threat to users who installed the affected packages.
Security alert: malicious packages are being spread in the Arch User Repository (AUR), posing a risk to Arch Linux users.
Hundreds of Arch User Repository (AUR) packages were compromised by an infostealer malware. Package maintainers are working to remove malicious commits and ban the involved accounts.