Bleeping Computer

Malicious RubyGems packages used in cryptocurrency supply chain attack

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...
Dark Reading

60 RubyGems Packages Steal Data From Annoying Spammers

For two years now, a Korean threat actor has been publishing malicious open source software (OSS) packages designed to steal credentials from spam marketers. Are you tired of shady, throwaway online ...
The Hacker News

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

Sleeper packages in Ruby and Go steal credentials and alter CI workflows, leading to persistent access and data exfiltration.
Bleeping Computer

Check your gems: RubyGems fixes unauthorized package takeover bug

RubyGem developers can audit their application history for possible past exploits by reviewing their Gemfile.lock and searching for gems that had their platform changed with version numbers remaining ...
The Next Web

Cryptojacking malware found in 11 RubyGem language repositories

Malware designed to surreptitiously infect victims’ computer systems and mine cryptocurrency on behalf of hackers has been found in 11 code libraries on programming language manager RubyGems. Hackers ...
CSOonline

RubyGems typosquatting attack hits Ruby developers with trojanized packages

Over 700 malicious packages with names similar to legitimate ones have been uploaded to RubyGems, a popular repository of third-party components for the Ruby programming language. The upload took ...