{“lastseen”:”2026-05-12T15:04:40″,”description”:”\\n\\n**RubyGems** , the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a \\”major malicious attack.\\”\\n\\n\\”We’re dealing with a major malicious attack on Ruby Gems right now,\\” Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on X. \\”Signups are paused for the time being. Hundreds of packages involved \u2013 mostly targeting us, but some carrying exploits.\\”\\n\\nVisitors to RubyGems’ sign up page are now greeted with the message: \\”New account registration has been temporarily disabled.\\”\\n\\nMend.io, which secures RubyGems, said it intends to release more details once the incident is contained. It’s currently not known who is behind the attack.\\n\\nThe development comes as software supply chain attacks targeting the open-source ecosystems have been on the rise, with threat actors like TeamPCP compromising widely used packages to distribute credential-stealing malware capable of harvesting sensitive data and allowing the attackers to expand their reach.\\n\\nIn a report published Monday, Google said the credentials stolen from affected environments have been monetized through partnerships with ransomware and data theft extortion groups.\\n\\n_(This is a developing story. Please check back for more details.)_\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2026-05-12T14:47:00″,”modified”:”2026-05-12T14:47:11″,”type”:”thn”,”title”:”RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded”,”source”:””,”references”:””,”id”:”THN:D4FC3BD7F7B156B30DE6CF3277681637″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2026\/05\/rubygems-suspends-new-signups-after.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-12T15:04:40″,”description”:”\\n\\n**RubyGems** , the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a \\”major…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,11,43,5],"class_list":["post-53413","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n