News

In 2016, a college student uploaded sketchy scripts to RubyGems, PyPI, and NPM, which are community websites for developers of the Ruby, Python, and JavaScript programming languages, respectively.
RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems. RubyGems, a package of software tools ...
New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...
The RubyGems.org registry is the community's gem hosting service allowing developers to instantly publish or install gems and use a set of specialized APIs.
Over 700 malicious packages with names similar to legitimate ones have been uploaded to RubyGems, a popular repository of third-party components for the Ruby programming language. The upload took ...
Threat actor exploits Fastlane plugin trust to redirect Telegram traffic via C2 server after Vietnam’s ban, targeting mobile app CI/CD pipelines. An ongoing supply chain attack is targeting the ...
RubyGems, an open-source package repository and manager for the Ruby web programming language, has taken two of its software packages offline after they were found to be laced with malware.
Two months later, RubyGems is now making MFA mandatory for popular packages, but the company said it intends to extend the feature to more packages in the future. “We have plans to increase MFA ...