By Larry Cafiero
On Friday, Swati Khandelwal of The Hacker News reported that attackers originally took over more than 400 packages in the Arch User Repository (AUR) last week and rewrote their build scripts to install a credential stealer on any machine that built them.
According to the article, “[t]he malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux’s community package collection, and it is separate from the official Arch repositories, which were not affected.”
The article suggests that if you installed or updated an AUR package on or after June 11, check it against the current affected-package lists before trusting the host. “The list of names is large, still growing, and not yet complete,” said the article.
Christine Hall at FOSS Force wrote on Sunday that “[j]ust hours after Arch sounded the all clear on a massive AUR malware purge, a new, stealthier campaign is slipping malicious code back into user packages.”
Michael Larabel at Phoronix suggests shutting down the Arch Users Repository until this situation can be fixed.
“At this stage it’s a bit surprising they don’t completely shutdown AUR until they can better verify the security and safety of this user-supplied repository or at least implement new safeguards on changes,” the Phoronix article states.
More on this story as it develops.
Questing Quokka reaches end of life
Ubuntu 25.10, also known as “Questing Quokka,” is scheduled to reach its end-of-life in July 2026. After this date, the version will no longer receive security updates or support from Canonical.
For the unitiated, what that means is that the Isle of Man firm will no longer provide security updates for the distro after July 9, 2026.
According to an article in Linux Compatible, there is a simple solution to this: Update to Ubuntu 26.04 Resolute Raccoon.
“Running the standard upgrade tool early keeps the system stable and prevents the usual command line headaches that come with chasing dead repositories,” the article states. “Waiting until the last moment only guarantees a rushed migration and a potentially broken desktop environment.”
Well, there. You have been warned, Ubuntu users. Update early to avoid the last-minute rush.
Linux kernel 7.1 is on the clock
Marcus Nestor at 9 to 5 Linux reports Sunday that Linux kernel 7.1 is now available for download, featuring enhanced hardware support, filesystem and networking improvements, security enhancements, and several other changes.
“Probably the biggest change of the Linux 7.1 kernel series is a new NTFS file system implementation, which has been in the works for the last four years, featuring full write support with delayed allocation, iomap, and folio integration to improve write performance, better stability, and a new suite of userspace utilities called ntfsprogs-plus,” the article states.
The article continues to announce that “[a]mong other changes, Linux kernel 7.1 enables Intel’s Flexible Return and Event Delivery (FRED) feature by default, introduces CPU Memory (CMEM) Latency PMU support for NVIDIA Tegra410 SoCs, adds BPF fsession support for the IBM System/390 architecture, and adds seccomp () support to the Alpha architecture.”
Now that Linux kernel 7.1 is out, the merge window will soon open for the next major kernel series, Linux 7.2, which is expected in mid or late August 2026.
Now that Linux kernel 7.1 is out, the merge window will soon open for the next major kernel series, Linux 7.2, which is expected in mid or late August 2026.
And that’s all for today. Don’t forget: Distro of the Week appears Wednesday – and it’s a good one on hand – and Bits and Bobs will return on Friday.