Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks

Written by

Catalin Cimpanu

News Editor

This newsletter is brought to you by SpecterOps, the experts in Attack Path Management. You can subscribe to an audio version of this newsletter as a podcast by searching for "Risky Business" in your podcatcher or subscribing via this RSS feed. You can also add the Risky Business newsletter as a Preferred Source to your Google search results by going here.

The RubyGems package manager has added support for dependency cooldowns as a way to counter a recent spate of supply chain attacks. The move copies similar efforts made in the JavaScript and Python ecosystem this year.

Dependency cooldowns are parameters that tell the package manager to install dependencies only if they are of a certain age in days. For example, a dependency cooldown of "7" will only install packages that are at least a week old.

The idea behind dependency cooldowns is to allow security tools, the admins of package repositories, and library maintainers time to detect compromises and pull down malicious versions.

Currently, a developer gets compromised, a threat actor pushes malicious versions of their libraries, and these get installed right away as soon as they're up on the package repo CDN.

If source code projects use cooldowns, they would skip these new (malicious) versions until they reach their "cooldown" age.

In their current versions dependency cooldowns ship disabled by default, so this requires developers to take the time out of their day and configure a "cooldown" for each of their projects. This means that even if a package manager supports the feature, it won't work unless specifically enabled and set.

Regardless, the feature is a simple fix for a major threat that has been ravaging the DevOps ecosystem for several years, but has become untenable over the past nine months.

The idea of dependency cooldowns has been around for a long while, at least at a theoretical level. It started gaining a huge amount of attention last year after several self-spreading worms hit the npm and PyPI package managers for JavaScript and Python, worms that are still spreading to this day, compromising hundreds of packages each week.

Blog posts from some of the DevOps and open-source communities best known names—such as William Woodruff, Christian Schneider, Simon Willison, Andrew Nesbitt, security firm DataDog, and Red Hat's Joe Brockmeier —have pushed package managers over the past months to add support for dependency cooldowns.

Even if it did not call for dependency cooldowns, even CISA in a guide on how to protect against software supply chain attacks recommended that developers wait at least three hours before updating projects.

Right now, all the community push towards dependency cooldowns appears to have worked.

RubyGems added support for dependency cooldowns to its Bundler installer last week, but npm has had it since February. Python's pip installer has had it since April and its uv tool since last December. Other JavaScript tools like Deno, Yarn, and Bun also support cooldowns, or "min-release-age", the other term used to describe it.

The table below, compiled by Red Hat software engineer Martin Prpič, also lets you know which package managers support it and how you can set it. The table has been taken off a website called Dependency Cooldowns that tracks support for the feature.

As for the downsides, the only major issue with dependency cooldowns is that "security updates" are also put on cooldowns, so if you need to patch an urgent RCE, you might need to tell your package installer CLI to skip the cooldowns on some updates you know for a fact are safe.

Risky Business Podcasts

The main Risky Business podcast is now on YouTube with video versions of our recent episodes. Below is our latest weekly show with Pat, James, and special guest co-host Andrew Boyd, CEO of REDLattice, at the helm!

Breaches, hacks, and security incidents

AT&T and IBM accused of hiding hacks: A whistleblower has accused AT&T and IBM of hiding breaches by foreign state-sponsored hackers. The allegations were made by William Barlow, a former vice-president of threat intelligence at IBM. Barlow claims he was told to soften internal reports, omit details, and even lie to the NSA. He says IBM was breached multiple times while he worked there, including by Chinese hackers. AT&T was named in the whistleblower complaint and a lawsuit because it runs IBM's Core Network cloud service. [Bloomberg]

Dashlane post-mortem: Password manager Dashlane has published a little bit more technical details on the brute-force attack last week that resulted in the theft of almost 20 encrypted password vaults. [Dashlane]

Elrond hackers plead guilty: Two former employees of the Elrond cryptocurrency exchange have pleaded guilty for hacking their employer in 2022. The two were part of a trio who deployed malicious contracts on Elrond's network to steal the company's funds. The trio stole $1.65 million before the platform collapsed due to a lack of liquidity. The third employee involved in the hack denied the charges and is set to face trial in Romania. Elrond has since rebranded and relaunched as MultiversX after the hack. [NewsOnline.ro // MultiversX]

TesseraDAO hacked for $2.5m: Hackers have stolen $2.5 million worth of tokens from the TesseraDAO DeFi platform in a hack last week. The company has yet to address the incident. [The Cryptocurrency Post]

General tech and privacy

Apple removes MAX app: Apple has removed the Russian government's MAX app from the iOS App Store. The company has yet to provide an official reason for the app's removal last week. Apple is also muting notifications for the app on devices where it's already installed. [The Moscow Times // TASS]

Microsoft's Project Solara: A team inside at Microsoft has built a custom version of Android for running AI agents instead of apps. The new "Project Solara" appears to be meant to run on the upcoming wave of AI-enabled smart devices. [GeekWire]

Samsung moves Lockdown button to power menu: Samsung is making it easier for users to put their phone in a locked-down mode by moving the Lockdown Mode button to the power-off menu. Pressing the button immediately locks down the phone and disables biometric authentication. [Android Authority]

Chrome 149: Google has released version 148 of its Chrome browser. See here for security patches and webdev-related changes. The biggest change in this release is a new build for ARM64 Linux devices.

Brave launches Origin browser: The Brave browser has launched Origin, a paid minimalist version of the Brave browser where users can select what features they want or not (Tor, Web3, AI, Search, VPN, etc.). [Brave]

Browser makers call out Microsoft for the umpteenth time: The Browser Choice Alliance has called out Microsoft for refusing recent legal cases and still forcing Windows users towards its Edge browser. [The Browser Choice Alliance]

Bot traffic surpasses humans on AI's back: Bot and automated traffic has surpassed human activity on the internet for the first time. The rise is attributed to the rise of AI agentic traffic. According to Cloudflare data, peaks have reached as high as 60% over the past month. [Cloudflare's Matthew Prince // Cloudflare Radar]

Government, politics, and policy

Senate votes down FISA extension: The Senate has voted against reauthorizing FISA Section 702 surveillance powers. A bill reauthorizing FISA passed through the House but failed in a 52-47 in the Senate on Friday. Backroom efforts to pass FISA reauthorization failed after President Trump named Bill Pulte as acting director of national intelligence despite having no experience in intelligence work. FISA surveillance powers are set to expire on June 15. [Politico]

DOGE whistleblower claims his brakes were cut: The National Labor Relations Board (NLRB) whistleblower who exposed that a DOGE staffer accessed US government data through Russian IP addresses had his car brakes cut five days after he went public. [WIRED]

Guaranteeing Universal Access to Cybersecurity Act: US Senator Mark Warner has introduced a bill on Friday to bring back funding for the Multi-State Information Sharing and Analysis Center, also known as MS-ISAC. The center lost its funding last year after the Noem-led DHS barred government funding from going to organizations that take membership fees. The new Guaranteeing Universal Access to Cybersecurity Act would authorize $50 million in annual funding to CISA for a new MS-ISAC contract. Under the new funding, MS-ISAC will have to provide threat intelligence at no cost to all state, local, and tribal organizations. [Sen. Mark Warner]

Sponsor section

In this Risky Business sponsor interview, Tom Uren talks to Justin Kohler, Chief Product Officer at SpecterOps, about how attack paths exist in the seams between different identity or permissions management domains.

Arrests, cybercrime, and threat intel

Dutch hacker sentenced to community service: A Dutch court has sentenced a local man to 180 hours of community service for a hacking campaign that hit companies in the Netherlands and the UK. The suspect broke into companies using valid credentials, stole data from internal systems, and demanded ransom payments. Some of his victims include the Allekabels Dutch online store, the Scoupy payment service, and the Ticketcounter ticketing service. The suspect also received a one year suspended sentence. [Dutch Judiciary]

New Pink (CL-CRI-1147) group: A new data extortion group named Pink is targeting large companies through voice phishing operations. According to Palo Alto Networks, the group appears to have emerged from an underground community named The Com. This is the same community from where other data extortion groups have previously come out of, such as ShinyHunters and Blackfile. Just like ShinyHunters, the group operates by calling employees at the targeted company and posing as IT staff. [Palo Alto Networks on LinkedIn]

Silent Ransom Group profile: Security firms have published profiles on the Silent Ransom Group, the hacking group linked to a year-long hack-and-extort campaign against US law firms. The group is also tracked as UNC3753, Luna Moth, and Chatty Spider. [Google Cloud // Resecurity]

Quellostanco hacker profile: Two security firms, DeXpose and Buguard, have tracked down a hacker and leaker named Quellostanco to a suspected Egyptian national. Things are about to get really bad for him, if true, because he leaked data of Egyptian companies and is in the reach of local law enforcement. [DeXpose]

Bright Data accused of turning TVs into AI web scrapers: Security researchers have accused Israeli company Bright Data of turning smart TVs into AI web scraping proxy nodes without their owners specific consent. The behavior allegedly happens via an SDK embedded in TV apps that the owners have no idea is running. The SDK is also used in several mobile apps. Bright Data advertises the AI web scraping features on its website. [Include Security]

Microsoft takes down hacked repos: Microsoft has taken down 73 of its own GitHub source code repositories after they were infected with a worm. The repos appear to have been infected with Miasma, a variant of the Shai-Hulud worm. All the affected packages contained Azure-related code and were connected to Microsoft's Durable Task Framework, a project that got hit by the same Shai-Hulud worm last month. [OpenSourceMalware // Step Security]

Operation TaxShadow: Security researchers at CyFirm have spotted an Indian tax-themed phishing campaign delivering a novel in-memory malware payload. [CyFirma]

Operation Smishing Error524: Group-IB have spotted a massive smishing operation targeting the LATAM region since the second half of last year. The phishing pages imitate more than 260 known brands. The operation stood out because of a shared fake Cloudflare "error 524" message shown to individuals who do not match certain characteristics and are blocked from accessing the phishing sites. [Group-IB]

Slovenia warns of extensive smishing campaign: Slovenia's CERT team has sent out a warning last week about an extremely aggressive smishing campaign sent through iMessage and posing as unpaid driving tickets. [Slovenia CERT]

JSON formatters are leaking data: Years after CISA, CERTs, and several security firms warned against using online JSON and XML formatters, new research has found that these services are still secretly "keeping" your copy-pasted data and even leaking it via misconfigured and unpatched portals. [Beyond Memory]

Swagger.json scans: Threat actors are scanning the internet for swagger.json files. The files are typically used on API servers to store information on the API's structure. The API structure can also reveal the technologies that power web applications, useful information for most attackers. [SANS ISC]

"From a web application security perspective, swagger.json is like a directory listing for an API. It is not that they are inherently evil or insecure. They are often necessary to allow developers to connect to an API efficiently. But on the other hand, they are also a great roadmap for attackers. So it's no surprise that attackers are looking for them. Not only do they provide a list of API features, but metadata in the description will usually identify the underlying application. It is a great way to find vulnerable applications."

Protestware in jqwik: The developer of the jqwik Java library inserted a malicious AI prompt in the library's source code. The prompt tells the AI coding agents to remove the jqwik library and associated tests from a user's project. [Snyk]

Malware technical reports

Amatera Stealer: A campaign impersonating Claude Code, JetBrains, NotebookLM, and other AI developer tools across 88 domains on at least 10 hosting platforms is currently distributing versions of the Amatera Stealer. [Straiker]

STX RAT: A threat actor is distributing fake X-VPN installers laced with the STX RAT. X-VPN also shipped a security update to patch the bug exploited to boobytrap its installer. [Cyderes // X-VPN]

10FXRAT (PoisonX RAT): Japanese security firm LAC has published a technical analysis of the 10FXRAT, a remote access trojan deployed in attacks against Japanese and Chinese firms using a BYOVD technique. The company believes this may be associated with Chinese e-crime group Silver Fox. [LAC]

New e-skimmer: Security researchers at Sansec have spotted a novel e-skimmer script that uses the Stripe payment service as its hosting infrastructure. [Sansec]

"The attacker stores the card stealer in a Stripe customer's metadata and runs it on checkout pages, then writes stolen cards back into the same account as fake customers. Stripe is both the command server and the exfiltration sink, all behind a domain almost no store would block."

Miasma worm: There's a new worm spreading across npm and PyPI packages. This one's named Miasma and is a variant of the old Shai-Hulud. It was also the worm that spread via official Red Hat packages last week. [SafeDep // Semgrep // Socket Security // Step Security]

Sponsor section

In this sponsored Soap Box edition of the show, Patrick Gray and James Wilson talk about red teaming AI systems with Russel Van Tuyl, Vice President of Services at elite penetration testing firm SpecterOps. SpecterOps is the company behind attack path enumeration tool Bloodhound and Bloodhound Enterprise, but they're also a pentest and red teaming shop with world class expertise in popping shells on all sorts of interesting systems in all sorts of interesting places.

APTs, cyber-espionage, and info-ops

New Russian disinfo outfit: Bellingcat's Elise Thomas has uncovered a new branch in Russia's neverending disinformation apparatus. This report covers Viory, a video news platform in LATAM that has hidden technical ties to Russia's sanctioned RT news network. [Bellingcat]

Here's me for @bellingcat.com tracing Russia Today subsidiary Ruptly's digital footprints all the way from Berlin to Abu Dhabi www.bellingcat.com/news/2026/06...

[image or embed]

— Elise Thomas (@elisethomas.bsky.social) June 4, 2026 at 3:29 PM

VerdantBamboo (UNC5221): The Chinese APT group behind the BRICKSTORM malware is still active and hacking new victims. A report from a recent hack reveals the group has now developed a new custom post-compromise malware family named AGENTPSD, a reverse shell written in Python. [Volexity]

PlugX: Security researchers have looked at a PlugX malware sample used in a Mustang Panda campaign in January. [BlueCyber]

OP-512 group: Security firm ReliaQuest says its AI tools found a new Chinese APT cluster that's been involved in hacking IIS servers with a custom web shell framework over the past year. [ReliaQuest]

Vulnerabilities, security research, and bug bounty

Security updates: Axis, Chrome, Microsoft, SolarWinds, TP-Link.

Cisco warns of new zero-day: Hackers are exploiting another zero-day in Cisco SD-WAN devices. A new series of attacks was spotted last week by Mandiant. The new zero-day is a local privilege escalation that lets attackers run code as root. Cisco is still working on a patch. [Cisco CVE-2026-20245]

SolarWinds Serv-U bug exploited in the wild: Hackers are exploiting a new denial-of-service bug to crash SolarWinds Serv-U file-sharing services. The bug was patched on Thursday and attacks were confirmed a day later. No authentication is required to exploit the bug. [SolarWinds // CISA]

Zcash crashes after vuln disclosure: The value of the Zcash cryptocurrency crashed by almost 40% last week after the disclosure of a major vulnerability. The issue could have allowed threat actors to mint counterfeit Zcash. It impacted all the Zcash blockchain protocols released over the past years. The Zcash team has since patched the issue. It said it found no evidence of the issue being exploited in the wild. [CoinDesk // Shielder Labs]

Microsoft patches VS Code zero-day: Microsoft has released patches for a Visual Studio Code zero-day that can let attackers steal GitHub tokens in one click. The zero-day was initially disclosed last week by security researcher Ammar Askar. Askar published the zero-day without disclosing it to Microsoft after the company repeatedly played down previous reports. [Ammar Askar]

21 FFmpeg bugs: AI platform depthfirst found 21 bugs in the FFmpeg library, some in code as old as two decades. Claims it only cost $1,000 to find them. [depthfirst]

Infosec industry

Threat/trend reports: Adversa, Black Kite, Dragos, Gartner, OWASP, Red Sift, Stormshield, and Wordfence have recently published reports and summaries covering various threats and infosec industry trends.

Google layoffs hit GTIG, Mandiant: Google is laying off employees at its Cloud division, including members of its threat intelligence teams. Cuts have been reported at the Mandiant and GTIG teams. Employees were allegedly told they were let go to free resources for other areas of growth, such as AI. Google didn't disclose how many employees were let go. [Business Insider]

New tool—Package Proxy: Security firm Thinkst has open-sourced Package Proxy, a proxy sitting between you and public package registries such as npm, PyPI, and Cargo, helping you reduce supply-chain risks from malicious packages.

New tool—AzureRedOps: Security researcher Charles F. Hamilton has released AzureRedOps, an offensive security toolkit for assessing the security posture of Microsoft Entra ID and Azure tenants.

New tool—GoGatoZ: Black Hill's Phill Miller has released GoGatoZ, a tool to scan and attack GitLab repositories.

New tool—Z-Jail: Division-36 has published Z-Jail, a sandbox for native code execution on Linux.

BSides Calgary 2026 streams: Live streams from the BSides Calgary 2026 security conference, which took place at the end of May, are available on YouTube.

Phrack is looking for art: The Phrack hacker e-zine is looking for artists to feature their art in its next number, expected later this year.

Phrack wants your art! The theme for this issue is retro sci-fi / old-school cybernetic futures. But we accept all kinds of contributions :) ANSI, illustration, collage, renders, weird experiments. Send it to: arts@phrack.org Deadline June 30th

[image or embed]

— Phrack Zine (@phrack.org) May 25, 2026 at 11:13 PM

Risky Business podcasts

In this episode of Risky Business Features, Brad Arkin joins James Wilson to talk about how the fear of being left behind in the AI era means enterprises are taking risks that would have been considered insane just a couple of years ago.