Update: the Arch Linux AUR supply chain attack just got much worse. When I posted earlier, around 400 packages were compromised. Now it's reportedly over 1,500. The malware isn't just stealing credentials. It's targeting developers by harvesting:
• SSH keys
• GitHub tokens
• npm credentials
• Browser sessions
• Slack, Discord & Teams accounts
• VPN configurations
And on privileged systems, it can reportedly deploy an eBPF rootkit to hide from security tools. This is quickly becoming one of the largest AUR compromises ever seen. If you're an Arch user, now would be a good time to audit your recent AUR installs.
Over 400 Arch Linux AUR packages were just compromised. And this is a reminder that open source doesn't automatically mean secure. Attackers reportedly hijacked package maintenance and injected malware capable of:
• Stealing GitHub credentials
• Extracting SSH keys
• Harvesting browser cookies
• Accessing Slack, Discord & Teams data
• Collecting VPN credentials
• Deploying an eBPF rootkit
The scary part? Many developers install AUR packages without reviewing every PKGBUILD. Affected systems may have exposed:
• GitHub tokens
• npm credentials
• Docker & Podman secrets
• HashiCorp Vault tokens
• SSH artifacts
• Browser session data
If you're running Arch or an Arch-based distro and recently installed AUR packages:
• Audit installed packages
• Check for indicators of compromise
• Rotate credentials immediately
• Consider a clean reinstall if rootkit activity is suspected
This isn't an Arch Linux problem. It's a software supply chain problem. One compromised package can put thousands of developer machines at risk. Do you review PKGBUILDs before installing AUR packages, or do you trust the community by default?
3
AFROPHOBIC FC 🇿🇦 retweeted
Safer for who, cleaner for who, more affordable for who? Property developers and zionists?
‘Safer, cleaner, more affordable’: Hill-Lewis eyes second term with five-pledge plan for Cape Town dailymaverick.co.za/article/…
6
168
413
4,685
𑁍܀𝑰𝑵𝑺𝑼𝑹𝑮𝑬𝑵𝑻 𝑸𝑼𝑬𝑬𝑵 ༘⋆✿ retweeted
[key.] The reality about all the "drama" surrounding female led games or even real women in gaming spaces ( developers, VAs, content creators, etc. ) from the incel type men is just that it's all a byproduct of misogyny at large, and there's no simple solution to it.
1
6
16
860
Richard Arion retweeted
NEW: malware developers added nuclear & biological weapons text to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…
226
2,152
12,627
1,539,770
Charity begins at home Ndi developers left their primitive region just to build for others Now when time is right to go back, I wonder what y’all going back for
The igbos have contributed immensely to the Lagos economy! Commerce Wise! if you have a problem with it HUG A FRIGGING Transformer!!! We have made massive investments in Real estate too!! other tribes have contributed too. why is it always a problem when it’s the igbos?!! why??
Replying to @_hrithikn
Ahahaha whatever the app developers' strategy is, it's clearly working 😂
2
the only issue is the model providers themselves limiting it lmao; ironically neither of the actual model developers can do it cause they can’t use their model in that way
2
Mathieu Geukens retweeted
CashScript delivers a meaningful upgrade for Bitcoin Cash developers. The playground and VS Code extension now provide full compilation results and instant compile error feedback - a clear improvement to the smart contract development experience on BCH.
We just upgraded the developer experience for all CashScript developers, whether you prefer the playground or a code editor. The playground and VS Code extension now feature full compilation results and show you any compile errors immediately. 🫡🚀
11
35
684
Musashi retweeted
New developers be like:
77
275
4,041
148,407
(2/2) Tokadex is a massive part of this next chapter. The developers are currently working on two main pieces:
1. The Engine: Perfecting the CAPD technology so it can securely match millions of trades.
2. The Interface: Building the Tokadex app so it feels as easy and intuitive to use as any regular banking app on your phone, hiding all the complex tech in the background.
“I studied the GitLab files of Nexa and I concluded that the team wants to make complex tech in a way, you don’t even realise you are using blockchain. Nexa is the first blockchain ever that has a friendly and human face.”
Following major network upgrades taking place this year, Tokadex and the tools surrounding it are expected to roll out as we head into 2027. While the rest of the crypto market often chases short-term trends and meme coins, Nexa is quietly building a bulletproof foundation for the next multi-trillion-dollar market. If you're paying attention to where traditional finance and blockchain are finally coming together, Nexa and Tokadex are definitely projects to keep on your radar.
3
🚨 Most Developers Are Underpaid Because They Only Code Not Communicate. Meanwhile, companies are paying $100K to people who can explain technical products clearly. SuperPlane is hiring a DevRel Content Creator and this is their first-ever DevRel hire. That means you’re not just getting a job you’re building the role from scratch.
◽ Role: DevRel Content Creator
◽ Employer: SuperPlane
◽ Location: Remote (Worldwide 🌍)
◽ Pay: $100K USD Equity
You’ll create:
📌 Technical videos
📌 Tutorials & docs
📌 Developer community content
Apply here: weworkremotely.com/remote-jo…
🔁 Share this with someone who’s technical but loves teaching — this could change their career.
3
Replying to @pfandrade_
agree but i remember some developers have issues with this setup but cannot remember why 🤦
1
3
Replying to @twstedkrma
Then you're only a fan of the story and not the game. Gameplay is a core component of every game, meticulously designed and built by the developers for a full complete experience. You never had the full experience, you are not a fan of the game.
4
The strongest infrastructure is usually the one developers stop thinking about If builders can spend less time managing integrations and more time shipping products then projects like Rialo are heading in the right direction @RialoHQ
1
244@ffrk retweeted
Reminder that this is the terrible horrible monstrous ending where everybody ends up sad that the developers are trying to save you by making it a sequel from 😱 Oh wait... It's actually quite beautiful
77
226
4,262
530,769