Tag: RubyGems
-
Nascent Malware Attacking npm, PyPI, and RubyGems Developers
Phylum analyzes source code and metadata for all registry-pushed packages. This year, in millions of packages they are aiming to examine …
-
RubyGems now requires multi-factor auth for top package maintainers
RubyGems.org, the Ruby programming community’s software package registry, now requires maintainers of popular “gems” to secure their …
-
RubyGems supply chain rip-and-replace bug fixed – check your logs!
Popular package management site RubyGems.org, which stores and supplies hundreds of thousands of modules for the widely-used programming …
-
GitHub now scans for accidentally-exposed PyPI, RubyGems secrets
GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move …
-
RubyGems Packages Laced with Bitcoin-Stealing Malware
RubyGems, an open-source package repository and manager for the Ruby web programming language, has taken two of its software packages …
-
Typosquatting RubyGems laced with Bitcoin-nabbing malware have been downloaded thousands of times
A researcher has uncovered malicious packages in the RubyGems repository, one of which was downloaded more than 2,000 times. RubyGems, the …
-
Hackers use typosquatting to trojanize 700 libraries in Ruby Repository
These are believed to have been done between 16 and 25 February, 2020 by two user accounts named “Jim Carrey” and “PeterGibbons” …
-
760+ malicious packages found typosquatting on RubyGems
Researchers have discovered over 760 malicious Ruby packages (aka “gems”) typosquatting on RubyGems, the Ruby community’s gem …
-
Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository
As developers increasingly embrace off-the-shelf software components into their apps and services, threat actors are abusing open-source …
-
Backdoored Ruby gems stole credentials, injected cryptomining code
The compromise of several older versions of a popular Ruby software package (aka a Ruby “gem”) has led to the discovery of a more …
-
Backdoor discovered in Ruby strong_password library
An eagle-eyed developer has discovered a backdoor recently sneaked into a library (or ‘gem’) used by Ruby on Rails (RoR) web apps to …