RubyGems pauses new account signups during major malicious attack
Security Tool/Service
Summary
Hide ▲
Show ▼
RubyGems temporarily disabled new account registration after a major malicious attack, disrupting a core Ruby package-registry service while operators contain the issue. The pause matters because the registry is a trusted software distribution channel, and hostile package activity can affect downstream developers and supply-chain safety. More details are expected once the incident is contained.
Related Happenings
Google sponsored search ManageWP phishing campaign
Campaign
First: 07.05.2026 00:36
Last: 07.05.2026 00:36
Sources 1
About this happening:
A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Google sponsored search ManageWP phishing campaign
CampaignAbout this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
BufferZoneCorp sleeper-package supply chain campaign
Campaign
First: 01.05.2026 12:43
Last: 01.05.2026 12:43
Sources 1
About this happening:
The **BufferZoneCorp** software supply chain campaign is pushing **malicious Ruby gems and Go modules** that can steal credentials, tamper with **GitHub Actions**, and persist on...
BufferZoneCorp sleeper-package supply chain campaign
CampaignAbout this happening: The **BufferZoneCorp** software supply chain campaign is pushing **malicious Ruby gems and Go modules** that can steal credentials, tamper with **GitHub Actions**, and persist on...
Lumma Stealer infection of a Context.ai employee
Malware Activity
First: 23.04.2026 11:40
Last: 23.04.2026 11:40
Sources 1
About this happening:
A **Context.ai** employee was infected with **Lumma Stealer** in **February 2026**, giving attackers a likely foothold that may have seeded the wider compromise chain affecting **...
Lumma Stealer infection of a Context.ai employee
Malware ActivityAbout this happening: A **Context.ai** employee was infected with **Lumma Stealer** in **February 2026**, giving attackers a likely foothold that may have seeded the wider compromise chain affecting **...
Optimizely hit by network compromise
Incident
First: 23.02.2026 20:04
Last: 23.02.2026 20:04
Sources 1
About this happening:
**Optimizely** confirmed a **voice-phishing breach** that exposed **basic business contact information**, creating a limited but real follow-on phishing risk. The intrusion touche...
Optimizely hit by network compromise
IncidentAbout this happening: **Optimizely** confirmed a **voice-phishing breach** that exposed **basic business contact information**, creating a limited but real follow-on phishing risk. The intrusion touche...
Starkiller dark-web phishing platform scales credential theft as a SaaS-style criminal service
Threat Actor Meta
First: 19.02.2026 14:00
Last: 19.02.2026 14:00
Sources 1
About this happening:
The **Starkiller** phishing platform has emerged as a **SaaS-style criminal service**, raising the scale and durability of credential theft operations. It is sold on the **dark we...
Starkiller dark-web phishing platform scales credential theft as a SaaS-style criminal service
Threat Actor MetaAbout this happening: The **Starkiller** phishing platform has emerged as a **SaaS-style criminal service**, raising the scale and durability of credential theft operations. It is sold on the **dark we...
Timeline
-
12.05.2026 17:47 2 articles · 15d ago
RubyGems pauses new account registration during major malicious attack
Initial DisclosureRubyGems temporarily disabled new account registration after a major malicious attack involving hundreds of packages, with some packages described as carrying exploits. Visitors to the sign-up page were shown that new account registration had been temporarily disabled, and Mend.io said more details would be released once the incident is contained. Attribution remains unknown.
Show sources
- RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded — thehackernews.com — 12.05.2026 17:47
- Hundreds of Malicious Packages Force RubyGems to Suspend Registrations — www.securityweek.com — 13.05.2026 10:30