RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes

Source: The Hacker News | Added:

A new set of 60 malicious packages has been discovered in the RubyGems ecosystem, masquerading as automation tools to steal user credentials. This malicious activity has been ongoing since at least March 2023, highlighting significant security concerns in software supply chains.

---

Impact: RubyGems

In the Wild: Yes

Age: Newly disclosed

Remediation: Not specified

Read Full Original Article →