RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

AndyC 13 May 2026

Ravie LakshmananMay 12, 2026Supply Chain Attack / Software Security

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious att

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

Ravie LakshmananMay 12, 2026Supply Chain Attack / Software Security

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious attack.”

“We’re dealing with a major malicious attack on Ruby Gems right now,” Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on X. “Signups are paused for the time being. Hundreds of packages involved – mostly targeting us, but some carrying exploits.”

Visitors to RubyGems’ sign up page are now greeted with the message: “New account registration has been temporarily disabled.”

Mend.io, which secures RubyGems, said it intends to release more details once the incident is contained. It’s currently not known who is behind the attack.

The development comes as software supply chain attacks targeting open-source ecosystems have been on the rise, with threat actors like TeamPCP compromising widely used packages to distribute credential-stealing malware capable of harvesting sensitive data and allowing the attackers to expand their reach.

In a report published Monday, Google said the credentials stolen from affected environments have been monetized through partnerships with ransomware and data theft extortion groups.

(This is a developing story. Please check back for more details.)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

What do you feel about this?

More Stories

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

AndyC 13 May 2026
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

AndyC 13 May 2026
Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help

AndyC 13 May 2026
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

AndyC 13 May 2026
Why Agentic AI Is Security's Next Blind Spot

Why Agentic AI Is Security’s Next Blind Spot

AndyC 13 May 2026
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

AndyC 12 May 2026

You may have missed

Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired

Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired

AndyC 13 May 2026
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

AndyC 13 May 2026
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

AndyC 13 May 2026
Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws

Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws

AndyC 13 May 2026
Google Says Hackers Used AI to Build Zero-Day Exploit

Google Says Hackers Used AI to Build Zero-Day Exploit

AndyC 13 May 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.