New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...

In September 2025, a RubyGems maintainer renamed RubyGems' GitHub Enterprise site to 'Ruby Central' without prior notice, added Marty Haught of Ruby Central, who had not previously been a RubyGems ...

A decade-long RubyGems maintainer, Ellen Dash (also known as duckinator), has resigned from Ruby Central following what she described as a "hostile takeover" of the open source project.… RubyGems is ...

The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious ...

For two years now, a Korean threat actor has been publishing malicious open source software (OSS) packages designed to steal credentials from spam marketers. Are you tired of shady, throwaway online ...

Maintainers of the RubyGems package repository have yanked 18 malicious versions of 11 Ruby libraries that contained a backdoor mechanism and were caught inserting code that launched hidden ...

Ruby Central, a non-profit organisation of the Ruby community, seized control of the GitHub repositories and some important gems of the RubyGems and Bundler package ecosystems without warning in ...

A revised patch has been released for a flaw in the distribution platform for Ruby applications, RubyGems, which could be used to deliver malware to someone trying to download a program. RubyGems lets ...