News

Supply-chain attack hits RubyGems repository with 725 malicious packages. Bitcoin currency stealer was downloaded thousands of times.
RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems.
New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users.
Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data.
Over 700 malicious packages with names similar to legitimate ones have been uploaded to RubyGems, a popular repository of third-party components for the Ruby programming language. The upload took ...
RubyGems, an open-source package repository and manager for the Ruby web programming language, has taken two of its software packages offline after they were found to be laced with malware.
As for RubyGems, the package manager first outlined the idea of making popular Ruby packages more secure via MFA in June, particularly to defend against account takeovers, which recently witnessed a ...
An ongoing supply chain attack is targeting the RubyGems ecosystem to publish malicious packages intended to steal sensitive Telegram data.
As noted earlier, NPM isn’t the only open source repository to be infiltrated with malicious packages. The PyPI repository for Python has seen its share of malware-laden packages, as has RubyGems.