HackMyIP
2026-05-12 The Hacker News

RubyGems Pauses Signups After Major Malicious Package Attack

Supply Chain, Malware

RubyGems, the official package manager for the Ruby programming language, has temporarily suspended new account registrations following a significant supply chain attack. According to Maciej Mensfeld, Senior Product Manager for Software Supply Chain Security at Mend.io, the platform is experiencing a "major malicious attack" with hundreds of packages compromised. The attack primarily targets RubyGems infrastructure, though some packages contain active exploits designed to harvest user credentials. Visitors to RubyGems' registration page are now met with a message stating: "New account registration has been temporarily disabled." Mend.io, which provides security services for RubyGems, stated they will release additional details once the incident is contained. The identity of the threat actors behind this campaign remains unknown at this time.

The malicious packages involved in this attack are designed to steal credentials and sensitive data from affected environments. Google's threat intelligence team published findings on Monday indicating that stolen credentials from compromised systems have been monetized through partnerships with ransomware operators and data theft extortion groups. This follows the pattern established by threat actors like TeamTNT, who have historically targeted widely-used open-source packages to distribute credential-harvesting malware capable of expanding their reach across enterprise environments. Organizations should immediately audit their RubyGems usage and verify whether any potentially compromised packages were installed. They can also use the email breach checker tool to determine if corporate credentials may have been exposed.

This incident underscores the growing threat landscape facing open-source ecosystems in 2026. Software supply chain attacks have increased dramatically, with threat actors specifically targeting package managers and build systems to inject malicious code at the source. Security teams are advised to implement rigorous package verification processes, monitor for unauthorized dependencies, and ensure their CI/CD pipelines include thorough scanning procedures. Users concerned about the security of their accounts should utilize a password checker to ensure credentials associated with RubyGems or similar platforms meet current security standards. Mend.io continues to investigate the incident and is coordinating with RubyGems administrators to remediate affected packages and restore secure account registration.
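One way to carry out the audit and dependency monitoring recommended above, as an added example that is not code from the article, RubyGems or Mend.io. It checks a `Gemfile.lock` against an advisory list, a previously reviewed baseline, and an allowed set of sources. The article names no affected packages, so every gem name, version and URL below is a constructed placeholder, and the advisory list is assumed to come from whatever advisory feed you trust.

```ruby
require "set"
# Parse a Gemfile.lock into [{name:, version:, source:}, ...]. Resolved specs sit
# at exactly four spaces of indent; their dependency lines (six spaces) are skipped.
def parse_lockfile(text)
  specs = []
  section = remote = nil
  text.each_line(chomp: true) do |line|
    case line
    when /\A([A-Z][A-Z ]*)\z/            # section header: GEM, GIT, PATH, ...
      section, remote = $1, nil
    when /\A  remote: (\S+)/             # source the following specs came from
      remote = $1
    when /\A    ([^\s(]+) \(([^)]+)\)\z/ # resolved spec: "name (version)"
      specs << { name: $1, version: $2, source: remote } if %w[GEM GIT PATH].include?(section)
    end
  end
  specs
end

# Flag specs on the advisory list, specs missing from the reviewed baseline,
# and specs resolved from a remote that is not explicitly allowed.
def audit(lock_text, advisories:, baseline:, allowed_remotes:)
  parse_lockfile(lock_text).flat_map do |s|
    found = []
    found << [:flagged_version, s[:name], s[:version]] if advisories.fetch(s[:name], []).include?(s[:version])
    found << [:not_in_baseline, s[:name], s[:version]] unless baseline.include?(s[:name])
    found << [:unexpected_source, s[:name], s[:source]] unless allowed_remotes.include?(s[:source])
    found
  end
end

# Constructed sample data: gem names, versions and URLs are placeholders.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-http-client (1.4.2)
        example-logger-utils (>= 0.9)
      example-logger-utils (0.9.1)

  GIT
    remote: https://git.example.invalid/team/example-tool.git
    specs:
      example-tool (0.1.0)
LOCK
ADVISORIES = { "example-logger-utils" => ["0.9.1"] }.freeze
BASELINE = Set["example-http-client", "example-tool"].freeze
audit(SAMPLE_LOCK, advisories: ADVISORIES, baseline: BASELINE,
      allowed_remotes: ["https://rubygems.org/"]).each { |f| puts f.inspect }
```

Running the audit in CI on every lockfile change surfaces transitive gems that were never reviewed, which is where a compromised dependency usually enters.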

Source: The Hacker News
