A revised patch has been released for a flaw in the distribution platform for Ruby applications, RubyGems, which could be used to deliver malware to someone trying to download a program. RubyGems lets ...

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...

For two years now, a Korean threat actor has been publishing malicious open source software (OSS) packages designed to steal credentials from spam marketers. Are you tired of shady, throwaway online ...

Ruby Central is said to have quietly snatched control of several flagship Ruby open source projects from their long-time maintainers without their consent, following pressure from Shopify, one of its ...

A new threat campaign is using RubyGems as a dead drop to store exfiltrated data, but the attacker's long-term plans are less clear. Software development security vendor Socket published research ...

A team including maintainers removed without notice from the RubyGems.org project has formed the Gem Cooperative and created a new gem server called gem.coop, compatible with RubyGems.… Martin Emde, ...

GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python ...

Ruby Central, a non-profit organisation of the Ruby community, seized control of the GitHub repositories and some important gems of the RubyGems and Bundler package ecosystems without warning in ...