News

TechRepublic1mon
GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI ...
GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’ Your email has been sent A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code ...
Ars Technica1mon
Researchers cause GitLab AI developer assistant to turn safe code ...
Examples include merge requests, commits, bug descriptions and comments, and source code. The researchers demonstrated how instructions embedded inside these sources can lead Duo astray.
Dark Reading1mon
GitLab's AI Assistant Opened Devs to Code Theft
Prompt injection risks in GitLab's AI assistant could have allowed attackers to steal source code, or indirectly deliver developers malware, dirty links, and more. Nate Nelson, Contributing Writer ...
VentureBeat3y
GitLab's open source Package Hunter detects malicious code in ...
GitLab quietly announced Package Hunter back in December and has been running the prototype internally since. But as of July 23, the company has made it available under a permissive MIT license ...
Ars Technica1y
Maximum-severity GitLab flaw allowing account hijacking under active ...
An example of a similar supply chain attack is the one that hit SolarWinds in 2020 and pushed malware to more than 18,000 of its customers, 100 of whom received follow-on hacks.