Risky Bulletin: Damaging worm rips through npm ecosystem

risky.biz·May 13, 2026

RubyGems has halted sign-ups following an attack on its staff, while Instructure paid a ransom, the Gentlemen ransomware group was hacked, and there was another significant supply chain attack on npm.

The key insight is that the recent attack on RubyGems, coupled with the ongoing vulnerabilities in supply chains like npm, underscores the critical need for stronger security measures in software package management. Prioritize strengthening your supply chain security protocols, and consider implementing more robust identity management and incident response strategies to mitigate the risks from such attacks.
