Security researchers from Socket have found that a group of attackers has been infecting the RubyGems code repository with ...

RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems. RubyGems, a package of software tools ...

Sixty malicious Ruby gems containing credential-stealing code have been downloaded over 275,000 times since March 2023, ...

GitHub will now scan for PyPI, RubyGems secrets Yesterday, GitHub announced that it will now automatically scan repositories exposing PyPI and RubyGems secrets, such as credentials and API tokens.

RubyGems, an open-source package repository and manager for the Ruby web programming language, has taken two of its software packages offline after they were found to be laced with malware.

In 2016, a college student uploaded sketchy scripts to RubyGems, PyPi, and NPM, which are community websites for developers of the Python, Ruby, and JavaScript programming languages, respectively.

Over 700 malicious packages with names similar to legitimate ones have been uploaded to RubyGems, a popular repository of third-party components for the Ruby programming language.

Two months later, RubyGems is now making MFA mandatory for popular packages, but the company said it intends to extend the feature to more packages in the future. “We have plans to increase MFA ...

Threat actor exploits Fastlane plugin trust to redirect Telegram traffic via C2 server after Vietnam’s ban, targeting mobile app CI/CD pipelines. An ongoing supply chain attack is targeting the ...