#rubygems

Information security
from The Hacker News
9 hours ago

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

GemStuffer abuses RubyGems to exfiltrate scraped UK council portal content by publishing data-bearing gems using hardcoded API keys.
from SecurityWeek
11 hours ago

Hundreds of Malicious Packages Force RubyGems to Suspend Registrations

New account registrations on RubyGems.org, the official Ruby gem hosting service, have been suspended after threat actors published hundreds of malicious packages. RubyGems maintainers announced on May 12 that registrations have been temporarily disabled due to a "DDoS attack". Nearly 24 hours later, registrations are still disabled and will likely remain closed for another 2-3 days until account creation rate limiting can be tightened and WAF protection is enabled.
Ruby on Rails
from The Hacker News
1 day ago

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems temporarily disabled new account registrations after a major malicious attack involving hundreds of packages, some carrying exploits.
#ruby-central
#bundler
Ruby on Rails
from The Register
7 months ago

Ex-RubyGems maintainers forge new home at Gem Cooperative

A group of former RubyGems.org maintainers created the Gem Cooperative and a compatible gem server, gem.coop, providing immediate read access to RubyGems.org packages.
Ruby on Rails
from Rubyflow
7 months ago

It's Official! The Bullies Are Running The Ruby Community!

Shopify leveraged influence over Ruby Central to take control of Bundler and RubyGems, undermining project neutrality for commercial advantage.
Ruby on Rails
from The Hacker News
9 months ago

RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes

60 malicious RubyGems packages target unsuspecting users, posing as automation tools to steal credentials.
from Rubyflow
1 year ago

[ANN] bidi2pdf 0.1.7 & bidi2pdf-rails 0.0.1.alpha.1 released

bidi2pdf 0.1.7 introduces ActiveSupport::Notifications-style instrumentation, enabling seamless integration with Rails' native instrumentation and compatibility with logging or monitoring setups.