RubyGems.org
May 12, 2026
•[ malicious packages, supply chain attack, bot accounts ]
RubyGems.org temporarily suspended new account registrations after threat actors used bot accounts to push more than 500 junk or malicious packages, including packages carrying exploits. Existing packages were not compromised, and gem installs and pushes for existing users were unaffected while maintainers tightened account-creation rate limiting and WAF protections.
