WeSearch

Ruby Gems and Go Modules Impersonate Dev Tools to Steal Secrets and Poison CI

·1 min read · 0 reactions · 0 comments · 4 views
#supply chain security#malicious packages#ci/cd security#open source vulnerabilities#package registries#Socket#Intercom#RubyGems#Go Modules#Packagist#npm
Ruby Gems and Go Modules Impersonate Dev Tools to Steal Secrets and Poison CI
⚡ TL;DR · AI summary

Malicious packages impersonating legitimate developer tools have been discovered in both the RubyGems and Go module ecosystems, designed to steal user secrets and compromise continuous integration (CI) environments. These packages use sophisticated techniques such as dependency confusion and code obfuscation to evade detection while propagating across platforms. The attack follows a similar pattern previously observed in npm and now extends to Packagist, where a malicious Intercom PHP package leverages Composer plugin execution to spread and harvest credentials.

Original article
Socket
Read full at Socket →
Opening excerpt (first ~120 words) tap to expand

.css-14sa009{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;height:var(--chakra-sizes-full);}.css-mezi7s{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;background:var(--chakra-colors-gray-950);--bg-currentcolor:var(--chakra-colors-gray-950);-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;height:180px;margin-bottom:var(--chakra-spacing-2);overflow:hidden;place-content:center;}.css-1phd9a0{object-fit:cover;}.css-x8iw57{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:c…

Excerpt limited to ~120 words for fair-use compliance. The full article is at Socket.

Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments

More from Socket

AT&T Promo Codes and Bundle Deals: Save $50 in May
WIRED·2
Verizon Promo Codes: $200 Verizon Gift Cards | May 2026
WIRED·2
Top Paramount+ Coupon Codes and Deals for May 2026
WIRED·2
30% Off Samsung Promo Code | May 2026
WIRED·2
Dyson Promo Codes: 25% Off in May 2026
WIRED·2
NordVPN Coupons and Deals: 77% Off in May 2026
WIRED·2