
Supply Chain Attack on Arch Linux AUR and Critical Splunk Vulnerability Disclosed
On June 15, 2026, the SANS Internet Storm Center reported a supply chain attack targeting Arch Linux’s Arch User Repository (AUR), where attackers hijacked abandoned but popular packages by injecting malicious code into post-install scripts. The campaign, dubbed 'Atomic Arch,' involved installing npm packages like atomic-lockfile, minimist, and chalk without altering the original package functionality, evading detection. Approximately 400–1,500 packages were potentially impacted due to dependency chains. Additionally, Splunk disclosed a critical unauthenticated vulnerability in its log management system, enabling full system access via a Postgres sidecar flaw, including directory traversal and remote code execution, with AWS deployments affected by default. Researchers also highlighted prompt injection risks in AI-driven bug-fixing tools like Sentry, where maliciously crafted bug reports could trigger arbitrary code changes or execution. The video emphasized the urgency of patching Splunk and cautioned against unfiltered AI agent inputs.
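As a defender's check for the AUR technique summarized above (npm packages pulled in from a package's post-install script), the following added example, which is not from the SANS report or from any Arch tooling, scans a pacman `.install` scriptlet for network-fetching commands. The function name `scan_install_script`, the `FETCHERS` watch list and the sample scriptlet are assumptions constructed for illustration.

```python
import re

# Functions pacman calls from a package's .install scriptlet.
HOOKS = ("pre_install", "post_install", "pre_upgrade",
         "post_upgrade", "pre_remove", "post_remove")
# Assumed watch list: tools that pull code from the network at install time.
FETCHERS = ("npm", "npx", "yarn", "pnpm", "bun", "pip3", "pip", "curl", "wget")

HOOK_RE = re.compile(
    r"^(?:function\s+)?(%s)\s*(?:\(\s*\))?\s*\{" % "|".join(HOOKS))
# A fetcher counts only in command position: at line start or after a shell
# separator, optionally behind sudo or a path prefix.
CMD_RE = re.compile(
    r"(?:^|[;&|({`])\s*(?:sudo\s+)?(?:\S*/)?(%s)\b(?!-)" % "|".join(FETCHERS))


def scan_install_script(text):
    """Return [(hook, line_no, command)] for each fetcher call found.
    Heuristic line scanner, not a shell parser; code outside every hook
    function is tagged "top-level"."""
    findings, hook, depth = [], None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if hook is None:
            m = HOOK_RE.match(line)
            if m:
                hook, depth = m.group(1), 0
        for c in CMD_RE.finditer(line):
            findings.append((hook or "top-level", no, c.group(1)))
        if hook:  # brace counting tracks where the hook body ends
            depth += line.count("{") - line.count("}")
            if depth <= 0:
                hook = None
    return findings


# Constructed sample scriptlet, not taken from any real package.
SAMPLE = """\
post_install() {
    echo "Updating font cache"
    fc-cache -f
    cd /tmp && npm install -g atomic-lockfile >/dev/null 2>&1
}
pre_remove() {
    echo "to rebuild later, run: npm install"
}
"""
```

A hit is a prompt to review the scriptlet by hand before building; commands hidden behind variables or `eval` will not be caught by this line-based heuristic.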