Tag: gitlab
-
GitLab Patches Multiple Vulnerabilities Allowing Account Takeover
GitLab has released security updates for GitLab CE/EE and EE that patch multiple vulnerabilities, including several high”‘impact flaws that could lead to account takeover, data exposure, and denial of service if left unpatched. Administrators are strongly advised to upgrade to GitLab 19.0.2, 18.11.5, or 18.10.8, as applicable, to fully mitigate these issues. GitLab Patches Multiple…
-
GitLab Patches Multiple Vulnerabilities Allowing Account Takeover
GitLab has released security updates for GitLab CE/EE and EE that patch multiple vulnerabilities, including several high”‘impact flaws that could lead to account takeover, data exposure, and denial of service if left unpatched. Administrators are strongly advised to upgrade to GitLab 19.0.2, 18.11.5, or 18.10.8, as applicable, to fully mitigate these issues. GitLab Patches Multiple…
-
Studie von GitLab – KI-generierter Code erzeugt schneller Sicherheitslücken, als er sie beseitigt
First seen on security-insider.de Jump to article: www.security-insider.de/ki-code-skalierbare-security-reviews-devops-a-d6842b922f23928b67accfeb2d881b65/
-
Expired domain leads to supply chain attack on node-ipc npm package
require(‘node-ipc’). The trojanized versions were designed to remain fully functional to avoid immediate detection, which together with other decisions attackers took, such as data exfiltration via DNS TXT, suggest stealthiness was a top priority.Once executed, the malicious code collects information about the host system, including operating system version, hostname, and environment variables. It then starts…
-
GitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoS
GitLab has issued an urgent security update to neutralise a massive wave of vulnerabilities. Threat actors could exploit these newly disclosed flaws to silently hijack developer sessions or completely paralyze continuous integration pipelines with unauthenticated attacks. GitLab Security Flaw On May 13, 2026, GitLab released critical patch versions 18.11.3, 18.10.6, and 18.9.7 for both its…
-
GitLab Fixes Flaws That Could Allow Attackers to Hijack User Sessions
GitLab has released emergency security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE), including three high-severity flaws that could allow attackers to execute malicious code, forge requests, and steal user session tokens. On April 22, 2026, GitLab released versions 18.11.1, 18.10.4, and 18.9.6 for both CE and EE deployments. GitLab.com has already been…
-
Janela RAT Spreads via Fake MSI Installers, Malicious Extensions
Janela Remote Access Trojan (RAT) campaign using fake Windows MSI installers and malicious browser extensions to infiltrate financial networks and exfiltrate sensitive data. The latest Janela RAT samples are being distributed through public GitLab repositories, where attackers host MSI installation files disguised as legitimate software installers. Unsuspecting users in Chile, Colombia, and Mexico the campaign’s primary targets are lured into downloading these…
-
GitHub, GitLab Abused for Malware and Phishing Campaigns
Hackers are increasingly abusing trusted software development platforms GitHub and GitLab to host malware and credential phishing campaigns, making defensive detection significantly harder for enterprises. Because these Git-based platforms are deeply integrated into development and business workflows, organizations cannot simply block them at the network edge, giving threat actors a powerful, trusted delivery channel. GitHub…
-
GitLab Security Update Fixes High-Severity CVE-2026-5173, 11 Other Flaws
GitLab has rolled out a major security update to address a series of vulnerabilities impacting both its Community Edition (CE) and Enterprise Edition (EE) platforms. The GitLab security update resolves multiple flaws, including high-severity issues that could be exploited to disrupt services or gain unintended access to system functionality. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/gitlab-security-update-cve-2026-5173/
-
GitLab Addresses Multiple Vulnerabilities Linked to DoS and Code Injection
GitLab has rolled out a crucial security update to fix multiple vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms. Organizations utilizing self-managed GitLab instances are strongly advised by GitLab security experts to apply these updates immediately to prevent potential exploitation. Customers utilizing GitLab Dedicated or the cloud-hosted GitLab.com services are already protected…
-
The Growing Abuse of GitHub and GitLab in Phishing Campaigns
Threat actors are increasingly abusing trusted platforms like GitHub and GitLab to host malware and credential phishing pages, allowing malicious links to bypass email security because these domains are widely trusted and cannot easily be blocked. The volume of these campaigns has grown significantly since 2021, with 2025 accounting for nearly half of all activity,…
-
Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps
GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/23/plumber-open-source-gitlab-ci-cd-compliance-scanner/
-
North Korean fake IT worker tradecraft exposed
Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations.”Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
-
North Korean fake IT worker tradecraft exposed
Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations.”Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
-
Building Bridges, Breaking Pipelines: Introducing Trajan
TL;DR: Trajan is an open-source CI/CD security tool from Praetorian that unifies vulnerability detection and attack validation across GitHub Actions, GitLab CI, Azure DevOps, and Jenkins in a single cross-platform engine. It ships with 32 detection plugins and 24 attack plugins covering poisoned pipeline execution, secrets exposure, self-hosted runner risks, and AI/LLM pipeline vulnerabilities. It……
-
U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog is…
-
Black Duck Expands Polaris Integrations to Streamline Enterprise DevSecOps Across Major SCM Platforms
Black Duck has expanded the integration capabilities of its Polaris Platform to help enterprises embed automated, frictionless application security across large, complex development environments. The update introduces enhanced, native integrations with leading source code management (SCM) platforms, including GitHub, GitLab, Azure DevOps, and Bitbucket. The move is designed to support enterprises that manage hundreds or thousands…
-
CISA warns of five-year-old GitLab flaw exploited in attacks
Tags: attack, cisa, cybersecurity, exploit, flaw, gitlab, government, infrastructure, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-five-year-old-gitlab-flaw-exploited-in-attacks/
-
CISA Warns of Exploited GitLab Community and Enterprise SSRF Vulnerability
Tags: api, cisa, cve, cyber, cybersecurity, exploit, flaw, gitlab, infrastructure, kev, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical server-side request forgery (SSRF) vulnerability affecting GitLab Community and Enterprise Editions to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2021-39935, is now confirmed to be under active exploitation in the wild. Vulnerability Details The SSRF vulnerability in GitLab’s CI Lint API…
-
U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first…
-
GitLab Releases Critical Patch Updates to Address Multiple High-Severity Vulnerabilities
GitLab has issued a new GitLab patch release addressing a range of security vulnerabilities and stability issues across multiple supported versions. The latest updates, versions 18.8.2, 18.7.2, and 18.6.4, apply to both GitLab Community Edition and Enterprise Edition and are now available for self-managed installations. According to the release information, these updates contain important bug fixes and security remediations,…
-
Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities
Tags: 2fa, business, dos, flaw, gitlab, infrastructure, programming, rce, remote-code-execution, software, update, vulnerabilityBoth platforms serve as backbone infrastructure for remote work and software development, making these flaws particularly dangerous for business continuity. The post Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-zoom-gitlab-security-flaws-patched/
-
Das KI-Paradox in der Softwareentwicklung
Künstliche Intelligenz revolutioniert die Softwareentwicklung und beschleunigt die Code-Erstellung, bringt jedoch neue Herausforderungen bei Qualität, Sicherheit und Compliance mit sich. Das sogenannte KI-Paradox zwingt Unternehmen dazu, ihre operativen Frameworks zu überdenken und intelligente Orchestrierungslösungen zu etablieren. Die Studie zeigt, dass menschliche Kontrolle und Expertise trotz flächendeckendem KI-Einsatz weiterhin unverzichtbar bleiben. GitLab hat seinen aktuellen… First…
-
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution.The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked…
-
GitLab warns of high-severity 2FA bypass, denial-of-service flaws
GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gitlab-warns-of-high-severity-2fa-bypass-denial-of-service-flaws/
-
GitLab Security Flaws Could Allow Two-Factor Authentication Bypass and DoS
GitLab has released critical security patches addressing multiple vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Versions 18.8.2, 18.7.2, and 18.6.4 are now available to fix flaws that enable two-factor authentication bypass and denial-of-service attacks. GitLab strongly recommends that all self-managed installations upgrade immediately, while GitLab.com has already deployed the patches. Critical Authentication…
-
Hackers Exploit Visual Studio Code to Deploy Malicious Payloads on Victim Systems
The attack arsenal by extensively abusing Microsoft Visual Studio Code configuration files to deliver and execute malicious payloads on compromised systems. This evolution in the Contagious Interview campaign represents a sophisticated shift toward weaponizing legitimate developer tools. The infection chain begins when victims clone and open malicious Git repositories hosted on GitHub or GitLab, typically…