> TritonInfoSec News
Home / Jun 14, 2026 / Story
0
#3 The Hacker News general June 12, 2026 at 19:24 UTC

400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer

By [email protected] (The Hacker News)

AI Summary

Attackers compromised over 400 packages in the Arch Linux AUR this week, rewriting build scripts to install a Rust-based credential stealer targeting developer secrets and access tokens. On systems where the malware lands with root privileges, it deploys an eBPF rootkit to conceal itself. Arch Linux developers who ran builds from AUR during the compromise window should treat their systems and stored credentials as fully compromised.

Read full article → https://thehackernews.com/2026/06/400-arch-linux-a…

Relevance score: 85.0/100

# More from June 14

  1. 1
    Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters SecurityWeek
  2. 2
    ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw CyberScoop
  3. 4
    Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication The Hacker News
  4. 5
    Chinese hackers hijack auth flow, spy on isolated network for a decade BleepingComputer
  5. 6
    FBI takes down massive China-based cybercrime network that caused $1.9B in losses CyberScoop
  6. 7
    Ivanti Sentry Exploitation Attempts Hitting Honeypots SecurityWeek
  7. 8
    U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals The Hacker News
  8. 9
    Over 400 Arch Linux packages compromised to push rootkit, infostealer BleepingComputer
  9. 10
    phpBB forum fixes auth bypass bug lurking for a decade BleepingComputer