PC World

RubyGems DNS flaw now patched after second try

A revised patch has been released for a flaw in the distribution platform for Ruby applications, RubyGems, which could be used to deliver malware to someone trying to download a program. RubyGems lets ...
InfoQ

RubyGems.org Replaces RubyForge as Gem Host

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Bleeping Computer

Malicious RubyGems packages used in cryptocurrency supply chain attack

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...
GIGAZINE

Ownership of the RubyGems repository, which was suddenly hijacked and its maintainer kicked out, will be transferred to the Ruby core team.

In September 2025, a RubyGems maintainer renamed RubyGems' GitHub Enterprise site to 'Ruby Central' without prior notice, added Marty Haught of Ruby Central, who had not previously been a RubyGems ...
Hosted on MSN

Open source to closed doors: RubyGems control fight erupts

Ruby Central is said to have quietly snatched control of several flagship Ruby open source projects from their long-time maintainers without their consent, following pressure from Shopify, one of its ...
Dark Reading

60 RubyGems Packages Steal Data From Annoying Spammers

For two years now, a Korean threat actor has been publishing malicious open source software (OSS) packages designed to steal credentials from spam marketers. Are you tired of shady, throwaway online ...
Bleeping Computer

Check your gems: RubyGems fixes unauthorized package takeover bug

The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious ...
heise online

Who owns an open source project? – RubyGems threatens to split

Ruby Central, a non-profit organisation of the Ruby community, seized control of the GitHub repositories and some important gems of the RubyGems and Bundler package ecosystems without warning in ...