Arch Linux supply-chain worm, Velvet Ant backdoor, Gemini phishing-as-a-service

Over 400 Arch Linux AUR packages were hijacked to distribute a Rust credential-stealer and an eBPF rootkit, a China-linked group dubbed 'Velvet Ant' secretly backdoored Linux authentication (PAM/OpenSSH) for nearly a decade, Google filed suit against a Gemini AI-powered smishing/phishing-as-a-service network, a 10-year phpBB authentication bypass was fixed, and Meta's AI support assistant was abused to reset high-profile Instagram accounts — immediate audits, credential revocation, patching, and integrity checks are recommended.