Total access to all INMA reports on just-in-time topics, trends, and case studies ...
A wave of malicious commits hit the Arch User Repository (AUR) over the weekend, prompting the team to disable new account registration on Monday morning while it cleans up the mess. The issue was ...
Oh dear, the situation with the Arch Linux AUR got a fair bit worse since GamingOnLinux initially covered the malicious packages. The AUR developers and maintainers are clearly going to need to ...
The Arch User Repository lets community members adopt orphaned packages: legitimate projects abandoned by their original maintainers. That process is the entry point for this AUR supply chain attack.
Update - 18:55 UTC - The Arch Linux team put up an official announcement now: We are currently experiencing a high volume of malicious package adoptions and updates in the Arch User Repository. We are ...
Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR), generalized to a campaign-based architecture that handles multiple concurrent and historical ...
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a ...
If you are migrating from another AUR helper, you can simply install yay with that helper. Use yay -Y --gendb to generate a development package database for *-git packages that were installed without ...