Arch Linux disables new AUR registrations after malware waves

Kiswahili

Arch Linux has disabled new account registrations for the Arch User Repository following multiple waves of malicious package updates. The move comes after more than 1,500 packages were compromised last week.

The AUR, a community-maintained repository for Arch Linux users, faced successive attacks starting June 11. Developers identified an initial batch of over 1,500 affected packages linked to a malicious npm package called js-digest.

Subsequent waves on June 13 and June 14 used different obfuscation methods, including split strings and local AI detection to flag entries. These updates inserted harmful scripts into packages such as browser tools and desktop applets.

On June 15, team member Leonidas Spyropoulos announced the registration freeze to allow cleanup. Core Arch repositories remain unaffected.

Users are advised to review all PKGBUILD files before updates and report issues via the aur-general mailing list.

Makala yanayohusiana

Malware infects 1579 packages in Arch Linux AUR

More than 1500 user contributed packages in the Arch Linux User Repository were infected with malware.

yay v13 adds Lua hooks after AUR malware attacks

Imeripotiwa na AI

The popular AUR helper yay released version 13 on June 18 with new tools to help users detect risky packages. The update follows multiple waves of malware that compromised over 1,500 packages in the Arch User Repository.

Usalama

Fedora retires deepin packages over security and maintenance issues

Linux

Linux maintainer says AI tools now find real bugs

Crypto

Trapdoor malware targets crypto and ai developers

AI agent hijacks Fedora account and submits flawed code

A compromised contributor account allowed an AI agent to disrupt Fedora's bug tracker in May. The agent closed reports incorrectly and pushed bad changes into the Anaconda installer project. The incident has renewed calls for stronger security measures.

AI generated code overwhelms open source developers

Imeripotiwa na AI

A surge in AI written code submissions is overwhelming volunteers who maintain open source software, leading some to quit the field entirely.

Jumanne, 16. Mwezi wa sita 2026, 16:24:37

CachyOS switches to Rust-based Shelly package manager

Jumatatu, 8. Mwezi wa sita 2026, 12:50:36

Microsoft packages hit with credential-stealing malware for second time

Jumanne, 2. Mwezi wa sita 2026, 11:52:39

KDE Linux reports May progress on build system and security

Jumatatu, 25. Mwezi wa tano 2026, 23:10:35

GitHub hit with another major attack by Megalodon

Jumatatu, 18. Mwezi wa tano 2026, 02:56:03

Linus Torvalds flags AI reports flooding kernel security list

Tovuti hii inatumia vidakuzi

Tunatumia vidakuzi kwa uchambuzi ili kuboresha tovuti yetu. Soma sera ya faragha yetu kwa maelezo zaidi.
Kataa