Researchers have disclosed a software supply chain attack, dubbed "Atomic Arch," targeting orphaned packages in the Arch User Repository (AUR). Using newly created AUR accounts, an attacker adopted more than 400 abandoned packages through the legitimate maintainer-handoff mech...

Researchers have disclosed a software supply chain attack, dubbed "Atomic Arch," targeting orphaned packages in the Arch User Repository (AUR). Using newly created AUR accounts, an attacker adopted more than 400 abandoned packages through the legitimate maintainer-handoff mech...

Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/atomic-arch-aur-package-supply-chain-compromise-using-malicious-npm-package