"Atomic Arch": 400+ AUR Packages Hijacked to Deliver an eBPF Rootkit and Infostealer

Executive Summary An attacker spoofing a trusted maintainer on the Arch User Repository (AUR) adopted and trojanized more than 408 packages — and according to Sonatype, the figure may have reached rou