A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
Yeah, Python has been a massive vulnerability for a long while. And the AUR has similar issues. This is only getting widespread coverage now. But it’s always been a risk.