Threat Post

RubyGems Patches Remote Code Execution Vulnerability

RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems. RubyGems, a package of software tools that ...
Bleeping Computer

60 malicious Ruby gems downloaded 275,000 times steal credentials

Sixty malicious Ruby gems containing credential-stealing code have been downloaded over 275,000 times since March 2023, targeting developer accounts. The malicious Ruby gems were discovered by Socket, ...
Dark Reading

Attackers Weaponize RubyGems for Data Dead Drops

A new threat campaign is using RubyGems as a dead drop to store exfiltrated data, but the attacker's long-term plans are less clear. Software development security vendor Socket published research ...
Hosted on MSN

Ruby Central tries to make peace after 'hostile takeover'

Ruby Central, the non-profit that recently seized some Ruby open source tools from maintainers, is transferring the repository ownership of RubyGems and Bundler to the Ruby core team. The move appears ...