Looks like the Arch Linux AUR (Arch User Repository) needs some better security and package checks - as some malicious users compromised a lot of packages.

A wave of malicious commits hit the Arch User Repository (AUR) over the weekend, prompting the team to disable new account ...

Oh dear, the situation with the Arch Linux AUR got a fair bit worse since GamingOnLinux initially covered the malicious ...

AUR was considered a looming security threat.

An AUR supply chain attack compromised more than 400 Arch Linux packages from 11 June 2026, planting a Rust credential ...

At least 1,500 malicious packages were published to the Arch User Repository (AUR) as part of the Atomic Arch supply chain ...

Attackers hijacked over 1,500 packages in Arch Linux's AUR to plant a credential stealer. The official repos are safe, but the trust model took the hit.

The Arch Linux team has warned users for years about verifying each AUR package before installing it. The Arch Linux team is the second Linux distro that has found malware on its user-submitted ...

Arch Linux continues to struggle with a large-scale malware wave in its user repository AUR (Arch User Repository). This is currently literally flooded with malware. The attack continues and becomes ...

3 ways the new Steam Machine could be a huge win for Linux ...

More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. A report from the open-source intelligence ...