Bleeping Computer

Malicious RubyGems packages used in cryptocurrency supply chain attack

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...
CSO Online

Patching fast and slow: Ruby devs delay to defend against supply chain attack

To counteract this, RubyGems team has added a new cooldown argument to Bundler that takes ignores gems until they have been ...
Dark Reading

60 RubyGems Packages Steal Data From Annoying Spammers

For two years now, a Korean threat actor has been publishing malicious open source software (OSS) packages designed to steal credentials from spam marketers. Are you tired of shady, throwaway online ...
CSOonline

RubyGems typosquatting attack hits Ruby developers with trojanized packages

Over 700 malicious packages with names similar to legitimate ones have been uploaded to RubyGems, a popular repository of third-party components for the Ruby programming language. The upload took ...