<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Supply-Chain on MEISTSEC</title><link>https://6aa388fd.meistsec-blog.pages.dev/tags/supply-chain/</link><description>Recent content in Supply-Chain on MEISTSEC</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Mon, 15 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://6aa388fd.meistsec-blog.pages.dev/tags/supply-chain/index.xml" rel="self" type="application/rss+xml"/><item><title>How I Hunted the Atomic Arch AUR Stealer on My Own Box</title><link>https://6aa388fd.meistsec-blog.pages.dev/posts/arch_threat_hunt/</link><pubDate>Mon, 15 Jun 2026 00:00:00 +0000</pubDate><guid>https://6aa388fd.meistsec-blog.pages.dev/posts/arch_threat_hunt/</guid><description>When 400+ Arch AUR packages got hijacked to drop a Rust credential stealer with an optional eBPF rootkit, I ran the full hunt against my own Arch box. Spoiler: clean — but two checks looked like hits and weren&amp;#39;t, providing a good lessons learned experience.</description></item></channel></rss>