Registry-Attack

supply-chain 2026-05-13
RubyGems Disables New Signups After Hundreds of Malicious Packages Target Registry Staff
RubyGems froze new account registration after an attacker uploaded hundreds of malicious gems on May 11-12 specifically targeting RubyGems engineers, with XSS payloads and credential-stealing exploits embedded in the packages.
supply-chain rubygems ruby credential-theft registry-attack ci-cd

RubyGems Disables New Signups After Hundreds of Malicious Packages Target Registry Staff