Over 400 Arch Linux packages compromised to push rootkit, infostealer
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]
Stay updated on the latest compromise incidents in infosec. Discover how breaches occur and learn strategies to protect your data and networks.
Search across headline titles and summaries.
Background for this topic.
Compromise in information security means unauthorized access or control over a system, network, or data, often resulting from exploiting vulnerabilities like software bugs, weak credentials, or misconfigurations. It indicates that an attacker has bypassed security measures to read, modify, or disrupt resources without permission.
Such compromises pose risks including data theft, unauthorized system manipulation, and persistent attacker presence. Detecting and containing compromises requires monitoring for unusual activity, applying timely patches, and enforcing strong access controls to limit attacker movement and reduce the impact of exploited weaknesses.
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]
At WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it's rolling out with iOS 27. [...]
Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets. [...]
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). [...]
The University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. [...]