PC World

RubyGems DNS flaw now patched after second try

A revised patch has been released for a flaw in the distribution platform for Ruby applications, RubyGems, which could be used to deliver malware to someone trying to download a program. RubyGems lets ...

Ruby Central in 'real financial jeopardy' following RubyGems maintainer ruckus

Ruby Central, a nonprofit that supports the Ruby programming language ecosystem, in is "real financial jeopardy," according to a missive from its board members. Among other cost-cutting measures, it ...
Bleeping Computer

Malicious RubyGems packages used in cryptocurrency supply chain attack

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...
Threat Post

RubyGems Patches Remote Code Execution Vulnerability

RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems. RubyGems, a package of software tools that ...
GIGAZINE

Investigation reveals Shopify manipulated Ruby Central to force takeover of Bundler and RubyGems

Ruby Central, a non-profit organization that manages a package management system for Ruby, has expelled the maintainer of a related system called RubyGems, sparking controversy over a 'takeover.' A ...
GIGAZINE

Ownership of the RubyGems repository, which was suddenly hijacked and its maintainer kicked out, will be transferred to the Ruby core team.

In September 2025, a RubyGems maintainer renamed RubyGems' GitHub Enterprise site to 'Ruby Central' without prior notice, added Marty Haught of Ruby Central, who had not previously been a RubyGems ...
Threat Post

RubyGems Patches Serious Redirection Vulnerability

RubyGems maintainers patched a vulnerability, reported by Trustwave and OpenDNS, that allows RubyGem clients to be redirected to an attacker-controlled gem server. RubyGems make life easier for ...