Attackers poison RubyGems and Go modules to backdoor CI/CD and steal developer secrets
- Attackers have been poisoning RubyGems and Go modules to deliver backdoors that exfiltrate developer credentials from CI/CD pipelines and developer machines. (x.com)
- Incident trackers warn that npm malware and third-party package abuse have led to widespread breaches, with one dataset showing ~88% of affected organizations compromised after package abuse. (x.com)
- Mitigations include package provenance checks, least-privileged CI tokens, and hardening dependency update pipelines to reduce downstream compromise risk. (x.com)