RubyGems

GemStuffer: Attackers Weaponize RubyGems as a Covert Data Drop for UK Gov Scraping

• Malware

GemStuffer: Attackers Weaponize RubyGems as a Covert Data Drop for UK Gov Scraping

Do Son May 13, 2026 0

Security researchers are sounding the alarm on a highly resourceful new campaign dubbed “GemStuffer.” Uncovered by Socket’s...

Read More Read more about GemStuffer: Attackers Weaponize RubyGems as a Covert Data Drop for UK Gov Scraping

Waking the Sleepers: The BufferZoneCorp Campaign Poisoning Ruby and Go Ecosystems

• Malware

Waking the Sleepers: The BufferZoneCorp Campaign Poisoning Ruby and Go Ecosystems

Do Son May 2, 2026 0

Security researchers at Socket have uncovered a coordinated software supply chain campaign orchestrated through the GitHub account...

Read More Read more about Waking the Sleepers: The BufferZoneCorp Campaign Poisoning Ruby and Go Ecosystems

Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks

• Malware

Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks

Do Son October 14, 2025 0

The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks...

Read More Read more about Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks

Rack Security Update: High-Severity Flaw Bypasses Parameter Limit, Exposing Apps to DoS Attacks

• Vulnerability Report

Rack Security Update: High-Severity Flaw Bypasses Parameter Limit, Exposing Apps to DoS Attacks

Do Son September 26, 2025 0

The Rack project, a key Ruby library providing a minimal and modular interface for web application development,...

Read More Read more about Rack Security Update: High-Severity Flaw Bypasses Parameter Limit, Exposing Apps to DoS Attacks

RubyGems Under Attack: 60 Malicious Packages Found Stealing Credentials from Grey-Hat Marketers

• Malware

RubyGems Under Attack: 60 Malicious Packages Found Stealing Credentials from Grey-Hat Marketers

Do Son August 8, 2025 0

Socket’s Threat Research Team has revealed a long-running supply chain attack in the RubyGems ecosystem, where a...

Read More Read more about RubyGems Under Attack: 60 Malicious Packages Found Stealing Credentials from Grey-Hat Marketers

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

• Malware

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

Do Son June 4, 2025 0

Socket’s Threat Research Team has uncovered a targeted supply chain attack leveraging malicious RubyGems impersonating Fastlane plugins....

Read More Read more about Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

Malicious Packages Weaponize OAST for Stealthy Data Exfiltration and Reconnaissance

• Cyber Security
• Malware

Malicious Packages Weaponize OAST for Stealthy Data Exfiltration and Reconnaissance

Do Son January 5, 2025 0

Researchers at Socket have uncovered a series of malicious campaigns exploiting Out-of-Band Application Security Testing (OAST) techniques....

Read More Read more about Malicious Packages Weaponize OAST for Stealthy Data Exfiltration and Reconnaissance

CVE-2021-33621: RubyGems cgi gem HTTP response splitting

• Vulnerability

CVE-2021-33621: RubyGems cgi gem HTTP response splitting

Do Son November 24, 2022

The maintainers of the RubyGems package manager have addressed a high-risk security vulnerability in the CGI class...

Read More Read more about CVE-2021-33621: RubyGems cgi gem HTTP response splitting