DigiNews

Summary

Hundreds of AUR packages were reportedly attacked by an infostealer, according to an Arch Linux AUR mailing list thread. Maintainers are actively resetting/deleting malicious commits and banning involved accounts, and they're asking responders to forward any additional malicious packages to consolidate the response. The incident highlights supply-chain risks in open-source package ecosystems and the need for rapid incident response.