Ars Technica

0-click GitLab hijacking flaw under active exploit, with thousands still unpatched

As someone who had their self-hosted Gitlab attacked in January I think I can explain. Before I do, I agree the writing is confusing at best and misleading at worst. MFA prevents the bad actors from ...
Dark Reading

Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments

Hackers are using unpublished GitHub and GitLab comments to generate phishing links that appear to come from legitimate open source software (OSS) projects. The clever trick, first described by Sergei ...

Public GitLab repositories exposed more than 17,000 secrets

After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed ...
TechRepublic

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’ Your email has been sent A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and ...
Ars Technica

0-click GitLab hijacking flaw under active exploit, with thousands still unpatched

This is such an idiotic stance, because once you decide you'd like to update, you may not be able to do so, as there's no update/upgrade path from your long outdated version to the current one. And ...