A revised patch has been released for a flaw in the distribution platform for Ruby applications, RubyGems, which could be used to deliver malware to someone trying to download a program. RubyGems lets ...

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

For two years now, a Korean threat actor has been publishing malicious open source software (OSS) packages designed to steal credentials from spam marketers. Are you tired of shady, throwaway online ...

A new threat campaign is using RubyGems as a dead drop to store exfiltrated data, but the attacker's long-term plans are less clear. Software development security vendor Socket published research ...

Below is a copy and paste of a PDF written by a maintainer named Ellen Dash about the RubyGems controversy, written by a Hacker News user. Ellen, who has been a member of the Ruby community since she ...

A decade-long RubyGems maintainer, Ellen Dash (also known as duckinator), has resigned from Ruby Central following what she described as a "hostile takeover" of the open source project.… RubyGems is ...

GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python ...

Over 700 malicious packages with names similar to legitimate ones have been uploaded to RubyGems, a popular repository of third-party components for the Ruby programming language. The upload took ...

Ruby Central, a non-profit organisation of the Ruby community, seized control of the GitHub repositories and some important gems of the RubyGems and Bundler package ecosystems without warning in ...