
RubyGems Suspends New Signups Following Mass Malicious Package Injection

DEV Community·BeyondMachines·20 days ago

Summary

RubyGems suspended new account registrations after attackers uploaded hundreds of malicious packages containing exploits to the repository.

Take Action:

If you're a Ruby developer, audit your Gemfile.lock for any unfamiliar or recently added dependencies and run bundle-audit to scan for known vulnerabilities. Avoid installing or updating gems until RubyGems confirms the cleanup is complete, and treat any new dependency added in the last few days with extra suspicion.
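One way to carry out the lockfile audit described above is to diff the current Gemfile.lock against an older, trusted copy and list every gem that is new or whose locked version moved. This is an added example, not code from the article or from RubyGems; the lockfile contents and the gem name example-helper are constructed, and the function names are hypothetical.

```ruby
# Added example: diff two Gemfile.lock snapshots to surface new or changed gems.
# Both lockfiles are constructed sample data; "example-helper" is a made-up gem name.
BASELINE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.16.0)
        racc (~> 1.4)
      racc (1.7.3)
      rack (3.0.8)

  DEPENDENCIES
    nokogiri
    rack
LOCK
CURRENT_LOCK = BASELINE_LOCK
  .sub("rack (3.0.8)", "rack (3.0.9)")
  .sub("    racc (1.7.3)\n", "    example-helper (0.0.1)\n    racc (1.7.3)\n")

# Map gem name => locked version from every "specs:" block. Resolved gems sit
# at 4-space indent; their dependency constraints (6 spaces) are skipped.
def locked_gems(text)
  gems = {}
  in_specs = false
  text.each_line(chomp: true) do |line|
    if line == "  specs:"
      in_specs = true
    elsif line.empty? || line.match?(/\A\S/)
      in_specs = false # blank line or next top-level section
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      gems[m[1]] = m[2]
    end
  end
  gems
end

# Gems absent from the baseline, and gems whose locked version moved.
def lockfile_changes(baseline_text, current_text)
  before = locked_gems(baseline_text)
  after = locked_gems(current_text)
  added = (after.keys - before.keys).sort.map { |name| [name, after[name]] }
  changed = (before.keys & after.keys).sort
    .reject { |name| before[name] == after[name] }
    .map { |name| [name, before[name], after[name]] }
  { added: added, changed: changed }
end

report = lockfile_changes(BASELINE_LOCK, CURRENT_LOCK)
report[:added].each { |name, ver| puts "NEW      #{name} #{ver}" }
report[:changed].each { |name, old, now| puts "CHANGED  #{name} #{old} -> #{now}" }
```

For a real project, the baseline text can come from `git show <older-commit>:Gemfile.lock`, with a commit that predates the period you are reviewing.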




This article was originally published on BeyondMachines
