Dark Reading

'Culturestreak' Malware Lurks Inside GitLab Python Package

In what's becoming an all-too-common occurrence in the current threat landscape, security researchers have found yet another malicious open source package, this time an active Python file on GitLab ...
ZDNet

PyPI, GitLab dealing with spam attacks

Spammers have inundated the Python Package Index (PyPI) portal and the GitLab source code hosting website with garbage content, flooding both with ads for shady sites and services. The attacks were ...
Dark Reading

GitLab's AI Assistant Opened Devs to Code Theft

An indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant could have allowed attackers to steal source code, direct victims to malicious websites, and more. In fact, ...
Ars Technica

Researchers cause GitLab AI developer assistant to turn safe code malicious

Marketers promote AI-assisted developer tools as workhorses that are essential for today’s software engineer. Developer platform GitLab, for instance, claims its Duo chatbot can “instantly generate a ...