• Category: Security
  • Status: developing
  • Sources: Phoronix, Arch Linux incident notice
  • Summary: Covered in Top stories. A second wave of obfuscated malicious AUR packages surfaced 2026-06-13 to 2026-06-14 after the first "Atomic Arch" wave was declared under control, spanning Node.js, Plasma 6 applet, Firefox, Aura browser, LibreWolf, and Neovim-plugin packages. Official Arch binary repositories are unaffected.
  • Why it matters: The orphaned-package adoption vector remains exploitable and the new wave is harder to detect, so AUR users should continue to read PKGBUILD scripts before building.

Send feedback on this story