You Run One Update. Your Whole Professional Life Is Stolen.
Abandoned Arch Linux package changed hands while you slept. You updated at breakfast. After your first coffee, it was already too late.
Update the system. Get coffee. Come back to a clean prompt.
That is the whole morning, every morning, for millions of Arch Linux users. On June 11, 2026, the prompt came back just as clean. The packages people installed two years ago were still there, maintained by the same names they had always trusted.
Except one of those names had changed hands the night before.
By the second meeting, the laptop sat open on the desk, the morning as ordinary as the last thousand. While its owner sat there talking, the machine copied the files and credentials that mattered and sent them to someone who would never be traced.
Users didn't do anything abnormal to be in this vulnerable position. They had done the one thing every guide tells you to do:
They updated...
This is the story of how 1,500 packages fell to one click in a single day.