The Arch Linux team reports that it has been mitigating a prolonged DDoS attack for more than a week, affecting most of the project’s services. The attack began on August 16, and as a result the Arch User Repository (AUR), the Arch Linux website, the Wiki, and the forums may be unavailable.
“As you may have noticed, some of our services (AUR, forums, main site) are currently affected by a DDoS attack. We are aware of the issue and are actively working on measures to mitigate it,” wrote the maintainers on August 16.
However, the attack was not quickly contained. Although the services nearly regained full functionality over the past weekend, issues persist and performance periodically degrades, as shown on the project’s status page. It is also noted that some services may be incorrectly displayed as unavailable due to the defensive measures in use.
“We understand the problems this creates for our end users and will continue to work closely with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers, carefully considering factors such as cost, security, and ethical standards,” reports the Arch Linux team.
The ongoing incident also affects package mirrors, since the mirror list endpoint that some tools rely on is hosted on the site. As a result, the maintainers advise users to switch to the mirrors listed in the pacman-mirrorlist package.
At present, representatives of Arch Linux are not disclosing any technical details of the attack, citing ongoing efforts to mitigate it.
2025.02.01 — Critical RCE vulnerability fixed in Cacti
A critical vulnerability has been discovered in the open-source Cacti framework: it enables an authenticated attacker to remotely execute arbitrary code. Vulnerability's ID is CVE-2025-22604; its…
Full article →
2025.02.20 — Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks
OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10…
Full article →
2025.04.07 — Critical RCE vulnerability discovered in Apache Parquet
All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.01.27 — YouTube plays hour-long ads to users with ad blockers
Users complain that YouTube plays very long unskippable ads. Sometimes such ads are longer than the video the person is watching. The issue was raised…
Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →
2025.01.22 — Fake Homebrew Infects macOS and Linux Machines with infostealer
Attackers use Google ads to disguise themselves as the Homebrew website and distribute malware targeting Mac and Linux systems and stealing logon credentials, browser data, and cryptocurrency wallets.…
Full article →
2025.04.12 — Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems
The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had…
Full article →
2025.01.24 — Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer
Sekoia researcher crep1x discovered that hackers are currently using some 1,000 pages impersonating Reddit and WeTransfer. Victims visiting these sites are tricked into…
Full article →