Bleeping Computer

GitHub now scans for accidentally-exposed PyPI, RubyGems secrets

GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python ...
Threat Post

RubyGems Patches Remote Code Execution Vulnerability

RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems. RubyGems, a package of software tools that ...
Bleeping Computer

Malicious RubyGems packages used in cryptocurrency supply chain attack

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...
Threat Post

RubyGems Packages Laced with Bitcoin-Stealing Malware

Two malicious software building blocks that could be baked into web applications prey on unsuspecting users. RubyGems, an open-source package repository and manager for the Ruby web programming ...
GIGAZINE

Ownership of the RubyGems repository, which was suddenly hijacked and its maintainer kicked out, will be transferred to the Ruby core team.

In September 2025, a RubyGems maintainer renamed RubyGems' GitHub Enterprise site to 'Ruby Central' without prior notice, added Marty Haught of Ruby Central, who had not previously been a RubyGems ...
GIGAZINE

Investigation reveals Shopify manipulated Ruby Central to force takeover of Bundler and RubyGems

Ruby Central, a non-profit organization that manages a package management system for Ruby, has expelled the maintainer of a related system called RubyGems, sparking controversy over a 'takeover.' A ...