devops
Hundreds of AUR packages compromised
Source:
lwn.net 1 min read
Share
You are reading a summary. The full content is hosted on lwn.net.
Hundreds of orphaned Arch User Repository packages were compromised after an attacker added a malicious npm package, atomic-lockfile, capable of exfiltrating sensitive data. The project is cleaning up and has a list of affected packages, and users should check whether they installed any compromised updates.
Read the full article on the original website
External link to lwn.net
