CSO Online

GitLab 2FA login protection bypass lets attackers take over accounts

The platform warns users of on-premises versions to upgrade to the latest versions; SaaS and web versions have been patched.
Arabian Post

GitLab patches critical flaws affecting two-factor authentication and service stability

GitLab patches critical flaws affecting two-factor authentication and service stability : Latest in - Arabian Post ...
Dark Reading

GitLab's AI Assistant Opened Devs to Code Theft

An indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant could have allowed attackers to steal source code, direct victims to malicious websites, and more. In fact, ...
TechRepublic

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’ Your email has been sent A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and ...
Ars Technica

Researchers cause GitLab AI developer assistant to turn safe code malicious

Marketers promote AI-assisted developer tools as workhorses that are essential for today’s software engineer. Developer platform GitLab, for instance, claims its Duo chatbot can “instantly generate a ...
InfoWorld

GitLab introduces AI agent-enabled devsecops platform

Moving forward on AI, GitLab is offering a public beta of GitLab Duo Agent Platform, a devsecops orchestration platform intended to unlock asynchronous collaboration between developers and AI agents.
Bleeping Computer

GitLab 'strongly recommends' patching max severity flaw ASAP

GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825. GitLab is a web-based Git ...