Incident detail

criticalrubygems·credential theft·osv

Malicious code in knot-simple-formatter (RubyGems)

knot-simple-formatter

Published May 13, 2026, 03:09 AM

Risk score

AI summary

Indexed incident for knot-simple-formatter (rubygems).

Description

-= Per source details. Do not edit below this line.=-

Source: google-open-source-security (a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e)

This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters.
The packages in this cluster steal credentials, set up ssh access and tamper with build/workflow environmetn variables.

Technical details

Affected versions

<function fixed() { [native code] }

Indicators

affected_version<function fixed() { [native code] }75%

Timeline

May 13, 03:09 AMAdvisory published
May 26, 03:29 PMIndexed by ThreatPkg

Related incidents

Malicious code in pywingui (PyPI)pywingui92
Malicious code in token-me-uk (npm)token-me-uk92
Malicious code in amaco-os (npm)amaco-os92
Malicious code in vectordb-engine (PyPI)vectordb-engine92
Malicious code in baidubsrc (PyPI)baidubsrc92