Infosecurity-magazine.com

RubyGems Mandates MFA for Top-100 Package Maintainers

The official package manager for the Ruby programming language has announced it has started mandating multi-factor authentication (MFA) on at least the top-100 RubyGems packages. The firm made the ...
Ars Technica

The year-long rash of supply chain attacks against open source is getting worse

A rash of supply chain attacks hitting open source software over the past year shows few signs of abating, following the discovery this week of two separate backdoors slipped into a dozen libraries ...
Threat Post

RubyGems Patches Remote Code Execution Vulnerability

RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems. RubyGems, a package of software tools that ...
CSOonline

RubyGems typosquatting attack hits Ruby developers with trojanized packages

Over 700 malicious packages with names similar to legitimate ones have been uploaded to RubyGems, a popular repository of third-party components for the Ruby programming language. The upload took ...
Bleeping Computer

Malicious RubyGems pose as Fastlane to steal Telegram API data

Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. RubyGems is the official package ...