{"id":272982,"date":"2026-06-14T15:37:00","date_gmt":"2026-06-14T19:37:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/14\/the-security-situation-with-the-arch-linux-aur-got-a-lot-worse\/"},"modified":"2026-06-14T15:40:12","modified_gmt":"2026-06-14T19:40:12","slug":"the-security-situation-with-the-arch-linux-aur-got-a-lot-worse","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/14\/the-security-situation-with-the-arch-linux-aur-got-a-lot-worse\/","title":{"rendered":"The security situation with the Arch Linux AUR got a lot worse"},"content":{"rendered":"<p><a href=\"https:\/\/www.gamingonlinux.com\/2026\/06\/the-security-situation-with-the-arch-linux-aur-got-a-lot-worse\/\">The security situation with the Arch Linux AUR got a lot worse<\/a><\/p>\n<p><a href=\"https:\/\/www.gamingonlinux.com\/2026\/06\/the-security-situation-with-the-arch-linux-aur-got-a-lot-worse\/\">https:\/\/www.gamingonlinux.com\/2026\/06\/the-security-situation-with-the-arch-linux-aur-got-a-lot-worse\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-14 15:37:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.gamingonlinux.com\">www.gamingonlinux.com<\/a><\/p>\n<p>Oh dear, the situation with the Arch Linux AUR got a fair bit worse since GamingOnLinux initially covered the malicious packages.<\/p>\n<p>At the time the initial article was put up, there were a bit over 400 compromised packages on the Arch Linux Arch User Repository (AUR). That list of affected packages (source) rose quite sharply to over 1,400 and checking again now there&#8217;s nearly 2,000 noted. That&#8217;s a lot of packages to be hit like this.<\/p>\n<p>Later last night the attacks were reported to be continuing on &#8220;with obfuscated code&#8221;, and another report in the early hours of this morning noting it&#8217;s become &#8220;a little bit more elaborate&#8221;. Not all of the packaging issues are as bad as the initial wave of trying to steal credentials, some are just adding ridiculous messages in Russian.<\/p>\n<p>The AUR developers and maintainers are clearly going to need to rethink how the service is run. While it&#8217;s a wonderful idea to let anyone come along and package extra apps and such if they&#8217;re missing from Arch Linux repositories, anything left open in any way is going to cause problems. Especially so now in 2026, when Linux is clearly more popular than ever &#8211; anything Linux related like this is going to become a bigger target. And with AI bots too, making such a hit has become far easier.<\/p>\n<p>At least some level of human review is going to be needed. Otherwise, this certainly won&#8217;t be the last time we see the AUR having security problems.<\/p>\n<p>\t\t\t\t\t\t<span class=\"hidden_message\">Article taken from GamingOnLinux.com.<\/span><\/p>\n<p><a href=\"https:\/\/www.gamingonlinux.com\/2026\/06\/the-security-situation-with-the-arch-linux-aur-got-a-lot-worse\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The security situation with the Arch Linux AUR got a lot worse https:\/\/www.gamingonlinux.com\/2026\/06\/the-security-situation-with-the-arch-linux-aur-got-a-lot-worse\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":272985,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.gamingonlinux.com\/uploads\/tagline_gallery\/arch.png","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[99,71,57],"class_list":["post-272982","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-arch-linux","tag-linux","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/272982"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=272982"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/272982\/revisions"}],"predecessor-version":[{"id":272986,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/272982\/revisions\/272986"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/272985"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=272982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=272982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=272982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}