News

Researchers cause GitLab AI developer assistant to turn safe code malicious
Researchers from security firm Legit on Thursday demonstrated an attack that induced Duo into inserting malicious code into a ...
Computer Weekly6h
How GitLab is tapping AI in DevSecOps
GitLab CISO Josh Lemos explains how the company is weaving AI, through its Duo tool, into the entire software development ...
GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’
A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab ...
Bleeping Computer8mon
GitLab warns of critical pipeline execution vulnerability
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
Ars Technica1y
Maximum-severity GitLab flaw allowing account hijacking under active exploitation
A change GitLab implemented in May 2023 made it possible for users to initiate password changes ... and added the vulnerability to its list of known exploited vulnerabilities.
Bleeping Computer1y
GitLab warns of critical zero-click account hijacking vulnerability
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. The ...
TechRadar1y
GitLab users told to install emergency security fix immediately
GitLab has released a fix for a newly discovered security flaw, and is urging its users to install immediately as it addresses a high-severity vulnerability that can cause all sorts of trouble.
InfoWorld1y
GitLab Dedicated offers single-tenant, SaaS-based devsecops
Service hosted and managed by GitLab is geared to users with strict compliance requirements such as isolation, data residency, and private networking. GitLab Dedicated, a fully isolated ...