RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded Ravie LakshmananMay 12, 2026Supply Chain Attack / Software Security RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on Ruby Gems right now," Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on X. "Signups are paused for the time being. Hundreds of packages involved – mostly targeting us, but some carrying exploits." Visitors to RubyGems' sign up page are now greeted with the message: "New account registration has been temporarily disabled." Mend.io, which secures RubyGems, said it intends to release more details once the incident is contained. It's currently not known who is behind the attack. The development comes as software supply chain attacks targeting open-source ecosystems have been on the rise, with threat actors like TeamPCP compromising widely used packages to distribute credential-stealing malware capable of harvesting sensitive data and allowing the attackers to expand their reach. In a report published Monday, Google said the credentials stolen from affected environments have been monetized through partnerships with ransomware and data theft extortion groups. (This is a developing story. Please check back for more details.) Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Credential Theft, cybersecurity, Google, Malware, Open Source, ransomware, RubyGems, software security, supply chain attack ⚡ Top Stories This Week New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials Trellix Confirms Source Code Breach With Unauthorized Repository Access Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign Day Zero Readiness: The Operational Gaps That Break Incident Response 2026: The Year of AI-Assisted Attacks ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE and More Load More ▼ ⭐ Featured Resources [Guide] Get Practical AI SOC Insights to Improve Threat Detection [Webinar] Learn How Autonomous Validation Keeps Pace With AI Attacks [Demo] Discover How to Control Autonomous Identity Risks Effectively [Demo] Stop Email Attacks and Protect Cloud Workspace Data Faster