Bleeping Computer

Malicious RubyGems packages used in cryptocurrency supply chain attack

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...
CSO Online

Patching fast and slow: Ruby devs delay to defend against supply chain attack

To counteract this, RubyGems team has added a new cooldown argument to Bundler that takes ignores gems until they have been ...
Dark Reading

60 RubyGems Packages Steal Data From Annoying Spammers

For two years now, a Korean threat actor has been publishing malicious open source software (OSS) packages designed to steal credentials from spam marketers. Are you tired of shady, throwaway online ...
Bleeping Computer

Check your gems: RubyGems fixes unauthorized package takeover bug

The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious ...
Ars Technica

Supply-chain attack hits RubyGems repository with 725 malicious packages

More than 725 malicious packages downloaded thousands of times were recently found populating RubyGems, the official channel for distributing programs and code libraries for the Ruby programming ...
Dark Reading

Attackers Impersonate Ruby Packages to Steal Sensitive Telegram Data

Attackers are exploiting a popular code package for the Ruby programming language in a supply chain attack aimed at stealing sensitive data from Telegram chats. The attack demonstrates how threat ...
CSOonline

RubyGems typosquatting attack hits Ruby developers with trojanized packages

Over 700 malicious packages with names similar to legitimate ones have been uploaded to RubyGems, a popular repository of third-party components for the Ruby programming language. The upload took ...