TechRepublic

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’

A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab has since patched the issue. A newly disclosed vulnerability in GitLab Duo ...
InfoQ

GitLab 11.9 Released with Automated Secrets Detection

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
ZDNet

GitLab awards researcher $20,000, patches remote code execution bug

Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy. Read now GitLab has awarded a cybersecurity researcher $20,000 ...
TechRepublic

GitLab announces AI-DevSecOps platform GitLab 16

GitLab 16 includes more than 55 improvements and new features. Learn about the most notable new technologies in this GitLab platform. GitLab announced on Monday the new GitLab 16 platform, an upgraded ...
The Next Web

GitLab now automatically warns against merging API keys into your codebase

GitLab, the hugely popular devops platform, today announced the introduction of secrets detection with version 11.9 of the service. This means that should someone inadvertently include an API key or ...
Bleeping Computer

GitLab patches critical authentication bypass vulnerabilities

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws.
Bleeping Computer

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. The critical (CVSS score: 10.0) flaw allows ...