Incident detail

criticalrubygems·credential theft·osv

Malicious code in knot-date-utils-rb (RubyGems)

knot-date-utils-rb

Published May 13, 2026, 03:09 AM

Risk score

AI summary

Indexed incident for knot-date-utils-rb (rubygems).

Description

This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters.
The packages in this cluster steal credentials, set up ssh access and tamper with build/workflow environmetn variables.

Technical details

Indicators

affected version<function fixed() { [native code] }75%

Timeline

May 13, 03:09 AMAdvisory published
May 26, 03:29 PMIndexed by ThreatPkg

Related incidents

Malicious code in bittensor-burn-watch (PyPI)bittensor-burn-watch92
Malicious code in clip-logger (PyPI)clip-logger92
Malicious code in executable-stories-jest (npm)executable-stories-jest92
Malicious code in wrangler-deploy (npm)wrangler-deploy92
Malicious code in node-env-resolver (npm)node-env-resolver92