Threat Post

RubyGems Packages Laced with Bitcoin-Stealing Malware

Two malicious software building blocks that could be baked into web applications prey on unsuspecting users. RubyGems, an open-source package repository and manager for the Ruby web programming ...
Bleeping Computer

Malicious RubyGems pose as Fastlane to steal Telegram API data

Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. RubyGems is the official package ...
Infosecurity-magazine.com

RubyGems Mandates MFA for Top-100 Package Maintainers

The official package manager for the Ruby programming language has announced it has started mandating multi-factor authentication (MFA) on at least the top-100 RubyGems packages. The firm made the ...
Bleeping Computer

GitHub now scans for accidentally-exposed PyPI, RubyGems secrets

GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python ...
heise online

Who owns an open source project? – RubyGems threatens to split

Ruby Central, a non-profit organisation of the Ruby community, seized control of the GitHub repositories and some important gems of the RubyGems and Bundler package ecosystems without warning in ...
Threat Post

RubyGems Patches Remote Code Execution Vulnerability

RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems. RubyGems, a package of software tools that ...