{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiczg4dfawb7bo7f6xngvebse5sauvjeaydjwa2pg5qdp7ys7dh42q",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mkzn6g4w6tp2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreidhxscsyktscognsxe3m6gxx4qa6fmjslnrkrfnnqonm5bfdxmjlm"
    },
    "mimeType": "image/jpeg",
    "size": 133873
  },
  "path": "/poisoned-ruby-gems-and-go-modules-target-ci-pipelines-to-steal-developer-credentials/",
  "publishedAt": "2026-05-03T15:00:23.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Poisoned Ruby gems and Go modules target CI pipelines to steal developer credentials",
    "VPN Central"
  ],
  "textContent": "A new software supply chain campaign used malicious Ruby gems and Go modules to steal credentials from developers, tamper with GitHub Actions workflows, and plant SSH persistence on compromised systems. The campaign has been linked to the GitHub account BufferZoneCorp, which published packages that looked like normal developer utilities. Some packages worked as “sleepers” first, […]\n\nThe post Poisoned Ruby gems and Go modules target CI pipelines to steal developer credentials appeared first on VPN Central.",
  "title": "Poisoned Ruby gems and Go modules target CI pipelines to steal developer credentials"
}