Severity: CRITICAL

Attackers compromised more than 400 packages in the Arch User Repository (AUR), modifying their build scripts to deploy a credential stealer. This Rust-based malware is designed to harvest developer secrets and, with root privileges, can install an eBPF rootkit for stealthy persistence. The incident highlights the supply chain risks associated with community package repositories and the potential for sophisticated attacks targeting developer environments.

Source: The Hacker News