<![CDATA[RubyGems Suspends New Signups Following Mass Malicious Package Injection]]>RubyGems Suspends New Signups Following Mass Malicious Package Injection

RubyGems suspended new account registrations after attackers uploaded hundreds of malicious packages containing exploits to the repository.

**If you're a Ruby developer, audit your Gemfile.lock for any unfamiliar or recently added dependencies and run bundle-audit to scan for known vulnerabilities. Avoid installing or updating gems until RubyGems confirms the cleanup is complete, and treat any new dependency added in the last few days with extra suspicion.**

https://beyondmachines.net/event_details/rubygems-suspends-new-signups-following-mass-malicious-package-injection-x-e-f-z-2/gD2P6Ple2L

]]>https://board.circlewithadot.net/topic/12a3886d-7c35-454c-9794-f22127d17be3/rubygems-suspends-new-signups-following-mass-malicious-package-injectionRSS for NodeFri, 15 May 2026 10:26:34 GMTWed, 13 May 2026 10:01:07 GMT60<![CDATA[Reply to RubyGems Suspends New Signups Following Mass Malicious Package Injection on Wed, 13 May 2026 14:13:03 GMT]]>@jschwart no reports on gem.coop.
RubyGems were quite loud about this, and we can't find whether gem.coop uses the same files published to RubyGems...

Safest approach is to still do the same level of review as if gem.coop was attacked.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/beyondmachines1/statuses/116567676249226616https://board.circlewithadot.net/post/https://infosec.exchange/users/beyondmachines1/statuses/116567676249226616Wed, 13 May 2026 14:13:03 GMT<![CDATA[Reply to RubyGems Suspends New Signups Following Mass Malicious Package Injection on Wed, 13 May 2026 10:04:01 GMT]]>@beyondmachines1 does this apply only if you missed switching over to gem.coop or is that affected as well?

]]>https://board.circlewithadot.net/post/https://mas.to/users/jschwart/statuses/116566697046405421https://board.circlewithadot.net/post/https://mas.to/users/jschwart/statuses/116566697046405421Wed, 13 May 2026 10:04:01 GMT