Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
Patch management fixes known software flaws before attackers exploit them, reducing intrusion risk; prioritize critical systems and verify deployment.
Search across headline titles and summaries.
Background for this topic.
Patch is a software, firmware, or configuration update that fixes a defect, including a vulnerability an attacker could use to gain access, execute code, escalate privileges, or expose data. Patching reduces the exploitable attack surface across operating systems, applications, network devices, and embedded systems; it does not remove risk from unsupported or misconfigured assets, and updates can sometimes introduce compatibility or availability problems.
Effective patch management starts with an accurate inventory and vulnerability assessment, then prioritizes internet-facing systems, high-impact assets, and flaws known to be exploited. Organizations should test updates where practical, deploy them within defined time limits, verify installation, and retain rollback or compensating controls when immediate patching is unsafe. Monitoring vendor advisories and threat intelligence can identify urgent fixes, while documenting exceptions and coverage supports vulnerability management and audit requirements.
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
Ten vulnerabilities in total for admins to apply Network admins are being urged to patch a bundle of critical vulnerabilities in ArubaOS that lead to remote code execution as a privileged user.…
Warning comes exactly a year after the vulnerability was introduced The US Cybersecurity and Infrastructure Security Agency (CISA) is forcing all federal agencies to patch a critical vulnerability in GitLab's Community and Enterprise editions, confirming it is very much under "active exploit."…
Experts Warn That Human Failures Have Led to Surge in Successful Zero-Day ExploitsVerizon executives warned that cyber defenders are struggling with fatigue amid a surge in cyberattacks targeting zero-day exploits and other vulnerabilities. It takes most enterprises nearly 55 days on average to mitigate 50% of critical vulnerabilities once patches become available, the DBIR says.
US CISA Orders Federal Agencies to Apply January PatchThe U.S. federal government's cybersecurity agency warned that hackers are exploiting a vulnerability in DevOps platform GitLab that was patched in January. The vulnerability allows hackers to use the "forgot your password" function to send a reset link to an attacker-controlled inbox.
MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.
An ACE in the hole for miscreants The open source R programming language – popular among statisticians and data scientists for performing visualization, machine learning, and suchlike – has patched an arbitrary code execution hole that scored a preliminary CVSS severity rating of 8.8 out of 10.…
The Siemens Simatic Energy Manager Used an Unsafe BinaryFormatter MethodResearchers detailed a deserialization vulnerability in Siemens software used to monitor energy consumption in industrial settings and attributed the flaw to the German conglomerate's decision to use a programming method that has known security risks.