Bleeping Computer

Internet Archive breached again through stolen access tokens

The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. Since last night, ...
Bleeping Computer

GitLab patches critical authentication bypass vulnerabilities

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws.
TechRepublic

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’ Your email has been sent A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and ...
Dark Reading

GitLab's AI Assistant Opened Devs to Code Theft

An indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant could have allowed attackers to steal source code, direct victims to malicious websites, and more. In fact, ...
Computer Weekly

Patch GitLab vuln without delay, users warned

The US Cybersecurity and Infrastructure Security Agency (CISA) has this week added a vulnerability that was first disclosed in January in the GitLab open source platform to its Known Exploited ...
Computer Weekly

How GitLab is tapping AI in DevSecOps

GitLab is integrating artificial intelligence (AI) across its DevSecOps cycle to streamline software development and bolster security operations, its chief information security officer, Josh Lemos, ...