The Silent Guardian: Why Bundler Checksums Are a Game-Changer for Your Applications
Introduction: A Fragile Trust The Ruby ecosystem relies heavily on RubyGems.org as the central platform…
The librdkafka Supply Chain Breakdown: rdkafka-ruby’s Darkest Hour
Opening Note We all make mistakes, and fundamentally, the havoc caused by this incident was…
RubyGems dependency confusion attack side of things
Note: This article is not to deprecate any of the findings and achievements of Alex…
RubyGems Bitcoin Stealing Malware postmortem
Introduction On the 7th and 13th of December, there were two malicious packages uploaded to…
How to take over a Ruby gem and what to do with it / RubyKaigi 2019 presentation
Using Ruby gems is safe, right? We’re a nice community of friendly beings that act…