News

CSO Online15d
Supply chain attack hits RubyGems to steal Telegram API data
Threat actor exploits Fastlane plugin trust to redirect Telegram traffic via C2 server after Vietnam’s ban, targeting mobile ...
TWCN Tech News5mon
How to install Ruby and Ruby Blunder on Windows 11
To install it, follow the steps mentioned below. On Windows, RubyGems comes included with the actual Ruby installer. When you install Ruby by following the steps mentioned earlier, RubyGems comes ...
GitHub1y
MFA Bypass through password reset function could allow account takeover of a compromised email
This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
The Hacker News2y
RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers
RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA) for popular package maintainers, following the ...
theregister2y
RubyGems now requires multi-factor auth for top package maintainers
RubyGems.org, the Ruby programming community's software package registry, now requires maintainers of popular "gems" to secure their accounts using multi-factor ...
theregister3y
RubyGems polishes security practices with multi-factor authentication push
This week, RubyGems, the package registry serving the Ruby development community, said it has begun showing warnings through its command line tool to those maintainers of the hundred most popular ...
SecurityWeek3y
RubyGems Fixes Critical Gem Takeover Vulnerability
RubyGems has addressed a critical vulnerability that could have allowed any RubyGems.org user to remove and replace certain Ruby gems. A package hosting service for the Ruby programming language, ...
Bleeping Computer3y
Check your gems: RubyGems fixes unauthorized package takeover bug
At this time, RubyGems.org maintainers do not believe the vulnerability has been exploited, according to the results of an audit that analyzed gem changes made over the last 18 months on the platform.
Threat Post4y
RubyGems Packages Laced with Bitcoin-Stealing Malware
RubyGems, an open-source package repository and manager for the Ruby web programming language, has taken two of its software packages offline after they were found to be laced with malware.
Bleeping Computer4y
Malicious RubyGems packages used in cryptocurrency supply chain attack
New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...
decrypt5y
Bitcoin stealer infected 700+ libraries of major programming language
Hackers targeted installation packages for the Ruby programming language. RubyGems libraries were infected with malware; developers could accidentally install Bitcoin stealers. Luckily, the attack was ...