The Next Web

GitLab now automatically warns against merging API keys into your codebase

GitLab, the hugely popular devops platform, today announced the introduction of secrets detection with version 11.9 of the service. This means that should someone inadvertently include an API key or ...
TechRadar

Security researcher uncovers 17,000 secrets in public GitLab repositories

Researcher Luke Marshall found 17,000 exposed secrets in GitLab Cloud repositories Leaked credentials risk hijacks, cryptomining, and deeper infrastructure compromise Marshall automated scans, earned ...
Ars Technica

Maximum-severity GitLab flaw allowing account hijacking under active exploitation

A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under active exploitation, federal government ...
CSOonline

Prompt injection flaws in GitLab Duo highlights risks in AI assistants

Researchers managed to trick GitLab’s AI-powered coding assistant to display malicious content to users and leak private source code by injecting hidden prompts in code comments, commit messages and ...