{"id":893,"date":"2026-05-12T16:51:46","date_gmt":"2026-05-12T16:51:46","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=893"},"modified":"2026-05-12T16:51:46","modified_gmt":"2026-05-12T16:51:46","slug":"rubygems-suspends-new-signups-after-hundreds-of-malicious-packages-are-uploaded","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=893","title":{"rendered":"RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">May 12, 2026<\/span><\/span><span class=\"p-tags\">Supply Chain Attack \/ Software Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEggIbYm86Vn45Nd86Hd5IEqHufRIS5Ud3spGUy5JWHy-My-NBVocyj-aR7E3gBKibPnrWd5DRYnDfmbaHUMuaYcNn_paUIDN11VLySLNUsXwFwVIALsNo419985zWvtepK7NVp9J4W3d7uHGWkQFgqI6zY_9Y5LWe5hsTLk-c9ZMKQ4TDlUMcMh8-_vhdIH\/s1700-e365\/rubygems.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p><b>RubyGems<\/b>, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a \u00abmajor malicious attack.\u00bb<\/p>\n<p>\u00abWe&#8217;re dealing with a major malicious attack on Ruby Gems right now,\u00bb Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, <a href=\"https:\/\/x.com\/maciejmensfeld\/status\/2054164602577940619\">said<\/a> in a post on X. \u00abSignups are paused for the time being. Hundreds of packages involved \u2013 mostly targeting us, but some carrying exploits.\u00bb<\/p>\n<p>Visitors to RubyGems&#8217; <a href=\"https:\/\/rubygems.org\/sign_up\">sign up page<\/a> are now greeted with the message: \u00abNew account registration has been temporarily disabled.\u00bb<\/p>\n<p>Mend.io, which secures RubyGems, said it intends to release more details once the incident is contained. It&#8217;s currently not known who is behind the attack.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/ai-cant-stop-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjPEV6-530TOlxG6PjrmdlY623wpBwduZ7t1HV6flcmO5R4q4AmfixDUzW0CrhlvMVNWbhvOIso-UDNTka4W_W9Chrdj_dglwBZwi7DuePM2IMIl-hfUYVIqBXgfpr_2619K8Gptb4LzwJ6gUbi7lWl2M8AFQJsHEaw63Q7tZ6708YGruiHrr0Y2W9YYxLQ\/s728-e100\/ThreatLocker-d.png\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>The development comes as software supply chain attacks targeting open-source ecosystems have been on the rise, with threat actors like TeamPCP compromising widely used packages to distribute credential-stealing malware capable of harvesting sensitive data and allowing the attackers to expand their reach.<\/p>\n<p>In a report published Monday, Google said the credentials stolen from affected environments have been monetized through partnerships with ransomware and data theft extortion groups.<\/p>\n<p><em>(This is a developing story. Please check back for more details.)<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802May 12, 2026Supply Chain Attack \/ Software Security RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described&hellip;<\/p>\n","protected":false},"author":1,"featured_media":894,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1636,33,35,1633,1635,1634,1637],"class_list":["post-893","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-hundreds","tag-malicious","tag-packages","tag-rubygems","tag-signups","tag-suspends","tag-uploaded"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/893","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=893"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/893\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/894"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=893"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=893"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=893"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}