SecurityWeek

Hundreds of Malicious Packages Force RubyGems to Suspend Registrations

New account registrations on RubyGems.org have been suspended after threat actors published hundreds of malicious packages.
InfoWorld

RubyGems.org warns developers to verify gems for file tampering

Another day, another reminder to be careful about installing software downloaded from the Internet: This time, the warning is for the Ruby community. The team behind RubyGems.org closed two security ...
GIGAZINE

Ownership of the RubyGems repository, which was suddenly hijacked and its maintainer kicked out, will be transferred to the Ruby core team.

In September 2025, a RubyGems maintainer renamed RubyGems' GitHub Enterprise site to 'Ruby Central' without prior notice, added Marty Haught of Ruby Central, who had not previously been a RubyGems ...
Bleeping Computer

Check your gems: RubyGems fixes unauthorized package takeover bug

"RubyGems.org sends an email to all gem owners when a gem version is published or yanked. We have not received any support emails from gem owners indicating that their gem has been yanked without ...
GIGAZINE

RubyGems' GitHub Enterprise was renamed to Ruby Central, expelling existing maintainers

Below is a copy and paste of a PDF written by a maintainer named Ellen Dash about the RubyGems controversy, written by a Hacker News user. Ellen, who has been a member of the Ruby community since she ...
IT News For Australia Business

RubyGems in recovery mode after site hack

Volunteers at RubyGems.org are scrambling to recover the software repository after it was compromised yesterday. An unknown user uploaded a malicious code package to RubyGems that executed on its ...
InfoQ

RubyGems.org Replaces RubyForge as Gem Host

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...