GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

Wednesday, May 13, 2026 at 08:08 AM UTC·Source: The Hacker News

Updated: Wednesday, May 13, 2026 at 10:00 AM UTC

Executive Summary

Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. "The packages do not appear designed for mass developer compromise," Socket said. "Many have little or no download activity, and the payloads are repetitive,

Analysis

Source Attribution

Originally published by The Hacker News on May 13, 2026.

Related Threats

MEDIUMMalware

Russian hackers turn Kazuar backdoor into modular P2P botnet

The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. [...]

1d agoBleepingComputer

LOWMalware

CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday

Cisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.”

2d agoThe Record

MEDIUMMalware

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred toolkit of modern threat actors. Bitdefender's analysis

2d agoThe Hacker News