Tag
Security alert: malicious packages are being spread in the Arch User Repository (AUR), posing a risk to Arch Linux users.
This article warns about the ongoing Mini Shai-Hulud supply chain attack, which has spread from TanStack to UiPath, Mistral AI, etc., with a total of 205 artifacts poisoned. Attackers used CI/CD cache poisoning; malicious packages have legitimate signatures and provenance, rendering traditional security measures ineffective. AI has accelerated the attack speed, and developers' AI tools have become parasitic targets.