RubyGems Temporarily Pauses Account Sign Ups Due to Major Malicious Attack
Account sign ups for RubyGems, the primary package manager for the Ruby programming language, have been temporarily halted in response to a significant malicious attack.
“We’re currently addressing a major malicious assault on RubyGems,” stated Maciej Mensfeld, senior product manager for software supply chain security at Mend.io. “Sign ups are currently on hold. Numerous packages have been affected, with the primary targets being us, while some contain exploitations.”
Individuals attempting to register for a new account on RubyGems are now met with a message stating, “New account registration has been temporarily disabled.”
Mend.io, the organization responsible for securing RubyGems, has indicated that more information will be made available once the situation is under control. The identity of the attackers remains unknown at this time.
This incident occurs amidst a rise in software supply chain attacks directed at open-source ecosystems. Threat actors, such as TeamPCP, have been infiltrating widely used packages to distribute malware that steals credentials, enabling them to access sensitive data and expand their malicious activities.
A recent report from Google revealed that credentials stolen from affected environments have been leveraged through partnerships with ransomware and data theft extortion groups.
(This story is developing. Check back for updates.)

