RubyGems
- Researchers say GemStuffer abused more than 150 RubyGems to store scraped council data
Researchers said GemStuffer abused more than 150 RubyGems packages to store scraped data from U.K. council portals, using the registry as an exfiltration channel and raising questions about package registry abuse.
- RubyGems pauses new signups after major malicious attack
RubyGems has temporarily paused new account signups after what the article described as a major malicious attack involving hundreds of packages. Mend.io said it will share more details once the incident is contained.
- GitHub Tightens npm Publishing Security with 2FA, Short-Lived Tokens and Trusted Publishing
GitHub announced a sweeping set of security measures for npm publishing, including deprecating legacy tokens, migrating to FIDO-based 2FA, and introducing seven-day, short-lived granular tokens plus trusted publishing that uses OpenID Connect and cryptographic provenance attestations to bolster npm’s supply-chain security.