A major vulnerability in GitLab that allows attackers to take over accounts is now being actively exploited. The problem arose from a feature introduced in May 2023 that let users change passwords through secondary email addresses. GitLab released a patch for the problem in January, but many users have yet to install it. The US Cybersecurity and Infrastructure Security Agency (CISA) has told all federal agencies to install the patch immediately. Even with the patch applied, accounts that were breached before it was installed cannot be considered secure. GitLab users are advised to enable multi-factor authentication.
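The root cause described above, a password-reset flow that delivers the reset to an address not verified as belonging to the account, is a general class of bug. The following is an added example written for this summary; it is not GitLab's code and does not reproduce its internals. The `Account`, `PasswordResetService`, and the addresses are all constructed for the demonstration. It shows a weak handler that mails a reset token to every address submitted in the request beside a hardened handler that only mails addresses the account owns and has verified, rejecting the whole request otherwise.

```python
from dataclasses import dataclass, field
import secrets


@dataclass
class Account:
    """Constructed account record: one primary address plus verified secondaries."""
    username: str
    primary_email: str
    verified_emails: set = field(default_factory=set)


class PasswordResetService:
    """Hypothetical reset service; 'outbox' stands in for an email sender."""

    def __init__(self, accounts):
        self._by_email = {}
        for acct in accounts:
            self._by_email[acct.primary_email] = acct
            for email in acct.verified_emails:
                self._by_email[email] = acct
        self.outbox = []   # (recipient, username, token) tuples that "were sent"
        self.audit = []    # log lines a defender would alert on

    def request_reset_weak(self, emails):
        """Weak: resolves the account from any known address, then sends the
        reset token to *every* address in the request, verified or not."""
        account = next((self._by_email[e] for e in emails if e in self._by_email), None)
        if account is None:
            return []
        token = secrets.token_urlsafe(32)
        recipients = list(dict.fromkeys(emails))  # de-duplicate, keep order
        for recipient in recipients:
            self.outbox.append((recipient, account.username, token))
        return recipients

    def request_reset_hardened(self, emails):
        """Hardened: every requested address must be the primary or a verified
        secondary of the *same* account; otherwise nothing is sent and the
        attempt is logged. Unknown accounts get the same empty response so the
        endpoint does not leak which addresses exist."""
        if not emails:
            return []
        account = self._by_email.get(emails[0])
        if account is None:
            return []
        owned = {account.primary_email} | set(account.verified_emails)
        unowned = [e for e in emails if e not in owned]
        if unowned:
            self.audit.append(
                f"reset rejected for {account.username}: "
                f"{len(unowned)} address(es) not verified for this account"
            )
            return []
        token = secrets.token_urlsafe(32)
        recipients = list(dict.fromkeys(emails))
        for recipient in recipients:
            self.outbox.append((recipient, account.username, token))
        return recipients


def demo():
    """Runs both handlers on the same constructed request and returns the
    recipient lists so the difference is visible."""
    alice = Account("alice", "alice@example.com", {"alice.work@example.com"})
    svc = PasswordResetService([alice])
    request = ["alice@example.com", "outsider@example.net"]  # constructed input
    weak = svc.request_reset_weak(request)
    hardened = svc.request_reset_hardened(request)
    return weak, hardened, svc.audit


if __name__ == "__main__":
    weak, hardened, audit = demo()
    print("weak handler mailed:     ", weak)
    print("hardened handler mailed: ", hardened)
    print("audit:", audit)
```

The hardened version also gives a detection hook: a reset request naming an address the account does not own is exactly the event the `audit` list records, and it is worth alerting on in a real deployment.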
CISA announces secure by design pledges from leading tech providers
CISA announced that 68 software manufacturers have signed its Secure by Design pledge, committing to prioritize security measures in their products.