RubyGems.org halted new signups after DDoS and 500+ malicious gem uploads. Existing install/push unaffected — check lockfiles for gems added around May 12 2026.
TanStack npm compromise (42 pkgs / 84 versions, CVE-2026-45321 CVSS 9.6) on May 11, 2026 UTC spread across UiPath (60+), Mistral, OpenSearch, guardrails-ai, Checkmarx Jenkins. Covers token-revoke wipe ordering, first valid SLSA provenance on malicious npm, and Vect ransomware secondary wave (wiper, not real ransomware). Live tracking.
