Bleeping Computer

Malicious RubyGems packages used in cryptocurrency supply chain attack

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...
Infosecurity-magazine.com

RubyGems Mandates MFA for Top-100 Package Maintainers

The official package manager for the Ruby programming language has announced it has started mandating multi-factor authentication (MFA) on at least the top-100 RubyGems packages. The firm made the ...
Threat Post

RubyGems Packages Laced with Bitcoin-Stealing Malware

Two malicious software building blocks that could be baked into web applications prey on unsuspecting users. RubyGems, an open-source package repository and manager for the Ruby web programming ...
Ars Technica

The year-long rash of supply chain attacks against open source is getting worse

A rash of supply chain attacks hitting open source software over the past year shows few signs of abating, following the discovery this week of two separate backdoors slipped into a dozen libraries ...
CSOonline

RubyGems typosquatting attack hits Ruby developers with trojanized packages

Over 700 malicious packages with names similar to legitimate ones have been uploaded to RubyGems, a popular repository of third-party components for the Ruby programming language. The upload took ...
Threat Post

RubyGems Patches Remote Code Execution Vulnerability

RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems. RubyGems, a package of software tools that ...