RubyGems Suspends New Signups Following Malicious Package Attack

RubyGems Suspends New Signups Following Malicious Package Attack

First seen 13 May 2026, 07:53 UTC ThehackernewsNews.Risky.BizDarkreadingwww.cybersecuritydive.comScworld+1 84% similarity 57.8

Article Content

Browse articles
ThreatCluster

RubyGems has halted new user sign-ups after a malicious attack on May 11, 2026, which involved the publication of hundreds of malicious packages targeting its staff. The malicious code aimed to execute cross-site scripting attacks and steal data from RubyGems developers. This incident is separate from a concurrent supply chain attack affecting the npm JavaScript package repository. RubyGems also reported a DDoS attack, though some experts question its classification. The full scope of the attack and what data was targeted remains unclear. RubyGems' security team is actively investigating the incident. The attack coincided with the publication of CVE-2026-45185, which had its first public proof of concept released on May 13, 2026.

Key Points: • RubyGems disabled new sign-ups after hundreds of malicious packages were uploaded. • The attack targeted RubyGems staff with cross-site scripting attempts. • This incident is unrelated to a concurrent attack on the npm repository.

ThreatCluster AI

Timeline

2026-05-04
CVE-2026-42236 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-11
Malicious packages uploaded to RubyGems
Hundreds of malicious packages were published, targeting RubyGems developers with harmful code.
News.Risky.Biz
2026-05-12
CVE-2026-45185 published
The first public proof of concept for CVE-2026-45185 was released, highlighting vulnerabilities in RubyGems.
Thehackernews
2026-05-13
RubyGems suspends new sign-ups
In response to the attack, RubyGems has disabled new user registrations to mitigate further risks.
News.Risky.Biz

Community

Browse all →