Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem
7y agoen
Source
SnykMalicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gemsnyk.ioOn March 26, 2019, a malicious version of the popular bootstrap-sass package, that has been downloaded a total of 28 million times to date, was published to the official RubyGems repository.
You might also wanna read
Subversion of bootstrap-sass
dwheeler.com·7y ago
NPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times
Security researchers have discovered a major vulnerability in NPM (Node Package Manager) that allows attackers to distribute malicious packa
arstechnica.com·8mo agoPopular npm packages debug and chalk compromised with crypto-intercepting malware
Starting September 8th, 2023, the popular npm packages "debug" and "chalk" were compromised with malicious code. These packages, which colle
aikido.dev·10mo agoResearcher Discovers Critical React2Shell RCE Vulnerability (CVE-2025-55182) Affecting Millions of Websites
A security researcher recounts discovering a critical remote code execution vulnerability (CVE-2025-55182, dubbed "React2Shell") in the Reac
RubyGems.org Security: Multi-Layered Protection Against Malicious Gems
RubyGems.org explains their multi-layered security approach to protect the Ruby ecosystem from malicious gems, detailing automated detection
Red Hat npm supply chain attack compromises 32 packages with credential-stealing malware
A supply chain attack targeted Red Hat's npm namespace (@redhat-cloud-services), with 96 compromised versions across 32 packages backdoored

Comments
Sign in to join the conversation.
No comments yet. Be the first.