Security researchers have uncovered one of the largest malicious package campaigns to impact the Arch Linux ecosystem in recent years, with more than 400 software packages hosted in the Arch User ...

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a ...

At least 1,500 malicious packages were published to the Arch User Repository (AUR) as part of the Atomic Arch supply chain ...

Attackers hijacked over 1,500 packages in Arch Linux's AUR to plant a credential stealer. The official repos are safe, but the trust model took the hit.

A trip to the brewery.

Malicious apps got into the Arch User Repository - how to protect yourself ...

Linux 7.2-rc1 hits 43 million source lines. We ran cloc, tokei, scc, and wc -l and explain exactly why each tool gives a ...

Update - 18:55 UTC - The Arch Linux team put up an official announcement now: We are currently experiencing a high volume of malicious package adoptions and updates in the Arch User Repository. We are ...

Azure Linux 4.0 is Microsoft's own Fedora-derived Linux distro for Azure cloud workloads. Here is how it compares to Ubuntu, ...

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat ...