A wave of malicious commits hit the Arch User Repository (AUR) over the weekend, prompting the team to disable new account registration on Monday morning while it cleans up the mess. The issue was ...
The Arch User Repository lets community members adopt orphaned packages: legitimate projects abandoned by their original maintainers. That process is the entry point for this AUR supply chain attack.