> TritonInfoSec News
Home / Jun 14, 2026 / Story
0
#9 BleepingComputer general June 12, 2026 at 17:03 UTC

Over 400 Arch Linux packages compromised to push rootkit, infostealer

By Bill Toulas

AI Summary

More than 400 Arch User Repository packages were trojanized to distribute a Linux eBPF rootkit and a credential-stealing infostealer targeting access tokens and secrets stored on developer machines. The attack targeted the AUR's community-maintained package ecosystem, which carries no formal security vetting, making it a recurring supply chain risk vector for Arch Linux users. Developers who built affected packages should rotate all credentials and audit systems for eBPF-based persistence.

Read full article → https://www.bleepingcomputer.com/news/security/ove…

Relevance score: 74.0/100

# More from June 14

  1. 1
    Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters SecurityWeek
  2. 2
    ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw CyberScoop
  3. 3
    400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer The Hacker News
  4. 4
    Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication The Hacker News
  5. 5
    Chinese hackers hijack auth flow, spy on isolated network for a decade BleepingComputer
  6. 6
    FBI takes down massive China-based cybercrime network that caused $1.9B in losses CyberScoop
  7. 7
    Ivanti Sentry Exploitation Attempts Hitting Honeypots SecurityWeek
  8. 8
    U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals The Hacker News
  9. 10
    phpBB forum fixes auth bypass bug lurking for a decade BleepingComputer