A revised patch has been released for a flaw in the distribution platform for Ruby applications, RubyGems, which could be used to deliver malware to someone trying to download a program. RubyGems lets ...

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...

Ruby Central, a non-profit organization that manages a package management system for Ruby, has expelled the maintainer of a related system called RubyGems, sparking controversy over a 'takeover.' A ...

Ruby Central is said to have quietly snatched control of several flagship Ruby open source projects from their long-time maintainers without their consent, following pressure from Shopify, one of its ...

For two years now, a Korean threat actor has been publishing malicious open source software (OSS) packages designed to steal credentials from spam marketers. Are you tired of shady, throwaway online ...

Below is a copy and paste of a PDF written by a maintainer named Ellen Dash about the RubyGems controversy, written by a Hacker News user. Ellen, who has been a member of the Ruby community since she ...

A decade-long RubyGems maintainer, Ellen Dash (also known as duckinator), has resigned from Ruby Central following what she described as a "hostile takeover" of the open source project.… RubyGems is ...

A new threat campaign is using RubyGems as a dead drop to store exfiltrated data, but the attacker's long-term plans are less clear. Software development security vendor Socket published research ...

The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious ...

Ruby Central, a non-profit organisation of the Ruby community, seized control of the GitHub repositories and some important gems of the RubyGems and Bundler package ecosystems without warning in ...