Collecting Cyber-News from over 60 sources

Tag: gitlab

GitHub’s AI Assistant Opened Devs to Code Theft

May 22, 2025 12:55 PM

Tags: ai, github, gitlab, injection, malware, risk, theft

Even after a fix was issued, lingering prompt injection risks in GitLab’s AI assistant might allow attackers to indirectly deliver developers malware, dirty links, and more. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-ai-assistant-opened-devs-to-code-theft
Several GitLab Vulnerabilities Enable Attackers to Launch DoS Attacks

May 22, 2025 10:55 AM

Tags: attack, cyber, dos, flaw, gitlab, risk, service, threat, vulnerability

GitLab has issued critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with three high-risk flaws enabling denial-of-service (DoS) attacks dominating the threat landscape. The coordinated release of versions 18.0.1, 17.11.3, and 17.10.7 comes as the DevOps platform confronts multiple attack vectors that could destabilize systems through resource…
GitLab 18 rolls out with duo AI features

May 16, 2025 10:54 PM

Tags: ai, gitlab

First seen on scworld.com Jump to article: www.scworld.com/brief/gitlab-18-rolls-out-with-duo-ai-features
GitLab Releases Critical Patch for XSS, DoS, and Account Takeover Bugs

Apr 24, 2025 10:50 AM

Tags: cyber, dos, gitlab, service, update, vulnerability, xss

GitLab, a leading DevOps platform, has released a critical security patch impacting both its Community (CE) and Enterprise (EE) editions, urging all self-managed users to update immediately. The new versions”, 17.11.1, 17.10.5, and 17.9.7″, address several high and medium-severity vulnerabilities, including cross-site scripting (XSS), denial of service (DoS), and account takeover threats. GitLab emphasizes the…
Availity eyes GitLab Duo with Amazon Q for code refactoring

Apr 18, 2025 9:28 PM

Tags: ai, gitlab, healthcare, network, risk

The healthcare network’s release engineering team is testing the new AI agent pairing to help with code consolidation, modernization and risk mitigation. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366622842/Availity-eyes-GitLab-Duo-with-Amazon-Q-for-code-refactoring
Ransomware-Attacke auf Europcar

Apr 8, 2025 3:42 PM

Tags: access, android, backup, cloud, computer, cyberattack, dark-web, gitlab, hacker, infrastructure, mail, ransomware

Europcar hat einen Cyberangriff mit Datendiebstahl erlitten.Im Darknet sind kürzlich Hinweise auf einen Cyberangriff bei Europcar aufgetaucht, bei dem Kundendaten und andere vertrauliche Informationen entwendet wurden. Wie aus einem Bericht von Bleeping Computer hervorgeht, ist der Angreifer in die Gitlab-Repositories des Fahrzeugvermieters eingedrungen und hat Daten von 200.000 Kunden und den Quellcode für Android- und…
Europcar GitLab Breach Exposes Customer Data

Apr 7, 2025 10:42 PM

Tags: breach, data, gitlab

First seen on scworld.com Jump to article: www.scworld.com/brief/europcar-gitlab-breach-exposes-customer-data
Up to 200K purportedly impacted by Europcar GitLab breach

Apr 7, 2025 10:42 PM

Tags: breach, gitlab

First seen on scworld.com Jump to article: www.scworld.com/brief/up-to-200k-purportedly-impacted-by-europcar-gitlab-breach
Datenleck: Kundendaten und Quellcode von Europcar abgeflossen

Apr 7, 2025 9:42 AM

Tags: data-breach, gitlab, hacker

Ein Hacker hat wohl erfolgreich Gitlab-Repos von Europcar kompromittiert und dadurch Kundendaten und andere vertrauliche Informationen erbeutet. First seen on golem.de Jump to article: www.golem.de/news/datenleck-kundendaten-und-quellcode-von-europcar-abgeflossen-2504-195077.html
Hack The box >>Ghost<< Challenge Cracked A Detailed Technical Exploit

Apr 6, 2025 3:42 PM

Tags: attack, cyber, cybersecurity, exploit, gitlab, penetration-testing, skills, vulnerability

Cybersecurity researcher >>0xdf>Ghost
Europcar GitLab breach exposes data of up to 200,000 customers

Apr 4, 2025 4:42 PM

Tags: android, breach, data, gitlab, group, hacker

A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/europcar-gitlab-breach-exposes-data-of-up-to-200-000-customers/
How To Harden GitLab Permissions with Tenable

Apr 4, 2025 12:42 AM

Tags: access, api, attack, authentication, business, control, data, data-breach, gitlab, group, open-source, organized, programming, risk, saas, service, software, tool, unauthorized

If your organization uses GitLab for managing your software development lifecycle, you must ensure you’re not misconfiguring the permissions of this open source DevSecOps platform. Doing so can expose your source code, along with sensitive data, while creating security risks. In this blog, we’ll explain how new Tenable plugins can help you keep your GitLab…
Why So Many Employee Phishing Training Initiatives Fall Short

Mar 20, 2025 6:14 AM

Tags: gitlab, phishing, training

During the work-from-home boom of 2020, GitLab, a company that largely employs tech-savvy individuals, decided to test its security by sending fake phishing messages to its WFH workers. About one out of every five tested employees fell for it, and… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/why-so-many-employee-phishing-training-initiatives-fall-short/
GitLab fixes critical SSO bypass vulnerabilities in update

Mar 15, 2025 9:52 PM

Tags: gitlab, update, vulnerability

First seen on scworld.com Jump to article: www.scworld.com/news/gitlab-fixes-critical-sso-bypass-vulnerabilities-in-update
GitLab addressed critical auth bypass flaws in CE and EE

Mar 13, 2025 11:52 PM

Tags: authentication, cve, flaw, gitlab, update, vulnerability

GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). GitLab released security updates to address critical vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). The company addressed nine vulnerabilities, including the two critical ruby-saml authentication bypass issues respectively tracked as CVE-2025-25291 and CVE-2025-25292. GitLab CE/EE versions 17.7.7, 17.8.5,…
GitLab patches critical authentication bypass vulnerabilities

Mar 13, 2025 5:52 PM

Tags: authentication, gitlab, update, vulnerability

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gitlab-patches-critical-authentication-bypass-vulnerabilities/
GitLab Identifies Security Vulnerabilities Enabling Attacker Logins as Valid Users

Mar 13, 2025 7:52 AM

Tags: cyber, gitlab, login, update, vulnerability

GitLab announced the release of versions 17.9.2, 17.8.5, and 17.7.7 for both its Community Edition (CE) and Enterprise Edition (EE). These updates include crucial bug and security fixes, urging all self-managed installations to upgrade promptly to protect against several critical vulnerabilities. Impact of the Vulnerabilities Two significant security issues identified in third-party gems used by…
Getting the Most Value Out of the OSCP: The PEN-200 Course

Mar 4, 2025 6:34 PM

Tags: access, antivirus, attack, awareness, backdoor, cloud, compliance, conference, control, credentials, cve, cybersecurity, data, defense, detection, dos, edr, endpoint, exploit, github, gitlab, guide, hacker, hacking, jobs, kali, linkedin, linux, login, malicious, malware, mandiant, microsoft, network, ntlm, open-source, password, penetration-testing, powershell, programming, rce, remote-code-execution, risk, service, skills, software, tactics, theft, threat, tool, unauthorized, update, vmware, vulnerability, windows

In this second post of a five-part series, I provide advice on how to best utilize the PEN-200 course material for a successful career in ethical hacking. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
Ohne Nutzerinteraktion: Wie Hacker fremde Gitlab-Accounts übernehmen konnten

Mar 3, 2025 3:34 PM

Tags: bug, gitlab, hacker

Letztes Jahr hat Gitlab eine gefährliche Sicherheitslücke geschlossen. Ein neuer Bericht zeigt, wie leicht sich damit fremde Konten kapern ließen. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-per-passwort-reset-fremde-gitlab-konten-infiltriert-2503-193884.html
Sicherheitslücke: Per Passwort-Reset fremde Gitlab-Konten infiltriert

Mar 3, 2025 2:34 PM

Tags: bug, gitlab, password

Letztes Jahr hat Gitlab eine gefährliche Sicherheitslücke geschlossen. Ein neuer Bericht zeigt, wie leicht sich damit fremde Konten kapern ließen. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-per-passwort-reset-fremde-gitlab-konten-infiltriert-2503-193884.html
GitLab Vulnerabilities Allow Attackers to Bypass Security and Run Arbitrary Scripts

Feb 27, 2025 7:59 AM

Tags: access, cyber, gitlab, kubernetes, malicious, risk, update, vulnerability

GitLab has urgently released security updates to address multiple high-severity vulnerabilities in its platform that could allow attackers to bypass security mechanisms, execute malicious scripts, and access sensitive data. The patches, included in versions 17.9.1, 17.8.4, and 17.7.6 for both Community Edition (CE) and Enterprise Edition (EE), mitigate critical risks affecting Kubernetes integrations, dependency management,…
Software Bill of Material umsetzen: Die besten SBOM-Tools

Feb 17, 2025 5:46 AM

Tags: api, business, compliance, container, cyberattack, data, docker, gartner, github, gitlab, healthcare, linux, monitoring, open-source, risk, saas, sbom, service, software, tool, update, vulnerability

Nur wenn Sie wissen, was drinsteckt, können Sie sich sicher sein, dass alles mit rechten Dingen zugeht. Das gilt für Fast Food wie für Software. Um Software abzusichern, muss man wissen, was in ihrem Code steckt. Aus diesem Grund ist eine Software Bill of Material, SBOM oder Software-Stückliste heute unerlässlich. Der SolarWinds-Angriff sowie die Log4j-Schwachstelle…
Sicherheitslücken: Gitlab-Entwickler raten zu zügigem Update

Feb 13, 2025 2:48 PM

Tags: dos, gitlab, update

Gitlab ist unter anderem für DoS-Attacken anfällig. Außerdem können vertrauliche Informationen leaken. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsluecken-Gitlab-Entwickler-raten-zu-zuegigem-Update-10281262.html
GitLab Security Update Patch for Multiple Vulnerabilities

Jan 27, 2025 8:03 AM

Tags: cyber, gitlab, update, vulnerability, xss

GitLab, the widely adopted DevOps platform, has announced the immediate release ofversions 17.8.1, 17.7.3, and 17.6.4for both its Community Edition (CE) and Enterprise Edition (EE). These updates address multiple security vulnerabilities and provide critical fixes, underscoring GitLab’s commitment to maintaining the highest security standards. The vulnerabilities addressed in these updates include a high-severityStored XSS via…
Gitlab Patches Multiple Vulnerabilities Including Resource Exhaustion User Manipulation

Jan 9, 2025 10:18 AM

Tags: cyber, gitlab, update, vulnerability

GitLab has announced the release of critical updates to its Community Edition (CE) and Enterprise Edition (EE), specifically versions 17.7.1, 17.6.3, and 17.5.5. These updates are essential for maintaining security and stability across all self-managed GitLab installations and should be implemented immediately. The company has already rolled out the patched version on GitLab.com, and GitLab…
GitLab CISO on proactive monitoring and metrics for DevSecOps success

Jan 9, 2025 7:18 AM

Tags: ciso, gitlab, metric, monitoring

In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/09/josh-lemos-gitlab-devsecops-success/
Hackers Possibly Stole Personal Data From Bitcoin ATM Operator Byte Federal

Dec 13, 2024 3:05 PM

Tags: access, data, flaw, gitlab, hacker

Byte Federal says the personal information of 58,000 was compromised after a GitLab flaw allowed attackers to access a server. The post Hackers Possibly Stole Personal Data From Bitcoin ATM Operator Byte Federal appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hackers-possibly-stole-personal-data-from-bitcoin-atm-operator-byte-federal/
US Bitcoin ATM operator Byte Federal suffered a data breach

Dec 13, 2024 1:05 AM

Tags: access, breach, data, data-breach, exploit, gitlab, threat, unauthorized

US Bitcoin ATM operator Byte Federal suffered a data breach impacting 58,000 customers, attackers gained unauthorized access to a server via GitLab flaw. US Bitcoin ATM operator Byte Federal disclosed a data breach after threat actors gained unauthorized access to a company server by exploiting a GitLab vulnerability. Byte Federal is a company specializing in…
Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed

Dec 12, 2024 6:05 PM

Tags: breach, data, data-breach, flaw, gitlab

US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitcoin-atm-firm-byte-federal-hacked-via-gitlab-flaw-58k-users-exposed/
GitLab Security Update, Patch for Critical Vulnerabilities

Dec 12, 2024 11:05 AM

Tags: cyber, gitlab, update, vulnerability

GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The newly released versions 17.6.2, 17.5.4, and 17.4.6 address several high-severity vulnerabilities, and GitLab strongly recommends that all self-managed installations be upgraded immediately. It is worth noting that GitLab.com is already running the patched version, while GitLab-dedicated customers…