Tag: gitlab
-
GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’
A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab has since patched the issue. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-gitlab-duo-vulnerability-hidden-prompts/
-
GitLab ‘Vulnerability Highlights the Double-Edged Nature of AI Assistants’
A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab has since patched the issue. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-gitlab-duo-vulnerability-hidden-prompts/
-
Researchers cause GitLab AI developer assistant to turn safe code malicious
AI assistants can’t be trusted to produce safe code. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/05/researchers-cause-gitlab-ai-developer-assistant-to-turn-safe-code-malicious/
-
GitLab Duo Vulnerability Exploited to Inject Malicious Links and Steal Source Code
A security vulnerability was recently discovered in GitLab Duo, the AI-powered coding assistant integrated into GitLab and based on Anthropic’s Claude models. Security researchers from Legit Security revealed that attackers could exploit an indirect prompt injection flaw to exfiltrate private source code, manipulate AI-generated code suggestions, and even leak confidential zero-day vulnerabilities”, all through seemingly…
-
GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab’s artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites.GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users to…
-
GitLab’s AI Assistant Opened Devs to Code Theft
Even after a fix was issued, lingering prompt injection risks in GitLab’s AI assistant might allow attackers to indirectly deliver developers malware, dirty links, and more. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/gitlab-ai-assistant-opened-devs-to-code-theft
-
GitHub’s AI Assistant Opened Devs to Code Theft
Even after a fix was issued, lingering prompt injection risks in GitLab’s AI assistant might allow attackers to indirectly deliver developers malware, dirty links, and more. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-ai-assistant-opened-devs-to-code-theft
-
Several GitLab Vulnerabilities Enable Attackers to Launch DoS Attacks
GitLab has issued critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with three high-risk flaws enabling denial-of-service (DoS) attacks dominating the threat landscape. The coordinated release of versions 18.0.1, 17.11.3, and 17.10.7 comes as the DevOps platform confronts multiple attack vectors that could destabilize systems through resource…
-
GitLab 18 rolls out with duo AI features
First seen on scworld.com Jump to article: www.scworld.com/brief/gitlab-18-rolls-out-with-duo-ai-features
-
GitLab Releases Critical Patch for XSS, DoS, and Account Takeover Bugs
GitLab, a leading DevOps platform, has released a critical security patch impacting both its Community (CE) and Enterprise (EE) editions, urging all self-managed users to update immediately. The new versions”, 17.11.1, 17.10.5, and 17.9.7″, address several high and medium-severity vulnerabilities, including cross-site scripting (XSS), denial of service (DoS), and account takeover threats. GitLab emphasizes the…
-
Availity eyes GitLab Duo with Amazon Q for code refactoring
The healthcare network’s release engineering team is testing the new AI agent pairing to help with code consolidation, modernization and risk mitigation. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366622842/Availity-eyes-GitLab-Duo-with-Amazon-Q-for-code-refactoring
-
Ransomware-Attacke auf Europcar
Tags: access, android, backup, cloud, computer, cyberattack, dark-web, gitlab, hacker, infrastructure, mail, ransomwareEuropcar hat einen Cyberangriff mit Datendiebstahl erlitten.Im Darknet sind kürzlich Hinweise auf einen Cyberangriff bei Europcar aufgetaucht, bei dem Kundendaten und andere vertrauliche Informationen entwendet wurden. Wie aus einem Bericht von Bleeping Computer hervorgeht, ist der Angreifer in die Gitlab-Repositories des Fahrzeugvermieters eingedrungen und hat Daten von 200.000 Kunden und den Quellcode für Android- und…
-
Europcar GitLab Breach Exposes Customer Data
First seen on scworld.com Jump to article: www.scworld.com/brief/europcar-gitlab-breach-exposes-customer-data
-
Up to 200K purportedly impacted by Europcar GitLab breach
First seen on scworld.com Jump to article: www.scworld.com/brief/up-to-200k-purportedly-impacted-by-europcar-gitlab-breach
-
Datenleck: Kundendaten und Quellcode von Europcar abgeflossen
Ein Hacker hat wohl erfolgreich Gitlab-Repos von Europcar kompromittiert und dadurch Kundendaten und andere vertrauliche Informationen erbeutet. First seen on golem.de Jump to article: www.golem.de/news/datenleck-kundendaten-und-quellcode-von-europcar-abgeflossen-2504-195077.html
-
Hack The box >>Ghost<< Challenge Cracked A Detailed Technical Exploit
Cybersecurity researcher >>0xdf>Ghost
-
Europcar GitLab breach exposes data of up to 200,000 customers
A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/europcar-gitlab-breach-exposes-data-of-up-to-200-000-customers/
-
Why So Many Employee Phishing Training Initiatives Fall Short
During the work-from-home boom of 2020, GitLab, a company that largely employs tech-savvy individuals, decided to test its security by sending fake phishing messages to its WFH workers. About one out of every five tested employees fell for it, and… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/why-so-many-employee-phishing-training-initiatives-fall-short/
-
GitLab fixes critical SSO bypass vulnerabilities in update
First seen on scworld.com Jump to article: www.scworld.com/news/gitlab-fixes-critical-sso-bypass-vulnerabilities-in-update
-
GitLab addressed critical auth bypass flaws in CE and EE
GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). GitLab released security updates to address critical vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). The company addressed nine vulnerabilities, including the two critical ruby-saml authentication bypass issues respectively tracked as CVE-2025-25291 and CVE-2025-25292. GitLab CE/EE versions 17.7.7, 17.8.5,…
-
GitLab patches critical authentication bypass vulnerabilities
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gitlab-patches-critical-authentication-bypass-vulnerabilities/
-
GitLab Identifies Security Vulnerabilities Enabling Attacker Logins as Valid Users
GitLab announced the release of versions 17.9.2, 17.8.5, and 17.7.7 for both its Community Edition (CE) and Enterprise Edition (EE). These updates include crucial bug and security fixes, urging all self-managed installations to upgrade promptly to protect against several critical vulnerabilities. Impact of the Vulnerabilities Two significant security issues identified in third-party gems used by…
-
Ohne Nutzerinteraktion: Wie Hacker fremde Gitlab-Accounts übernehmen konnten
Letztes Jahr hat Gitlab eine gefährliche Sicherheitslücke geschlossen. Ein neuer Bericht zeigt, wie leicht sich damit fremde Konten kapern ließen. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-per-passwort-reset-fremde-gitlab-konten-infiltriert-2503-193884.html
-
Sicherheitslücke: Per Passwort-Reset fremde Gitlab-Konten infiltriert
Letztes Jahr hat Gitlab eine gefährliche Sicherheitslücke geschlossen. Ein neuer Bericht zeigt, wie leicht sich damit fremde Konten kapern ließen. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-per-passwort-reset-fremde-gitlab-konten-infiltriert-2503-193884.html
-
GitLab Vulnerabilities Allow Attackers to Bypass Security and Run Arbitrary Scripts
GitLab has urgently released security updates to address multiple high-severity vulnerabilities in its platform that could allow attackers to bypass security mechanisms, execute malicious scripts, and access sensitive data. The patches, included in versions 17.9.1, 17.8.4, and 17.7.6 for both Community Edition (CE) and Enterprise Edition (EE), mitigate critical risks affecting Kubernetes integrations, dependency management,…
-
Software Bill of Material umsetzen: Die besten SBOM-Tools
Tags: api, business, compliance, container, cyberattack, data, docker, gartner, github, gitlab, healthcare, linux, monitoring, open-source, risk, saas, sbom, service, software, tool, update, vulnerabilityNur wenn Sie wissen, was drinsteckt, können Sie sich sicher sein, dass alles mit rechten Dingen zugeht. Das gilt für Fast Food wie für Software. Um Software abzusichern, muss man wissen, was in ihrem Code steckt. Aus diesem Grund ist eine Software Bill of Material, SBOM oder Software-Stückliste heute unerlässlich. Der SolarWinds-Angriff sowie die Log4j-Schwachstelle…