All news with #gitlab tag

Wed, November 19, 2025

Hidden Risks in DevOps Stacks and Data Protection Strategies

#Backup #GitHub #GitLab #Bitbucket #Azure DevOps #GitProtect #Ransomware #Supply Chain Backdoor #Secrets Exposure

🔒 DevOps platforms like GitHub, GitLab, Bitbucket, and Azure DevOps accelerate development but also introduce data risks from misconfigurations, exposed credentials, and service outages. Under the SaaS shared responsibility model, customers retain liability for protecting repository data and must enforce MFA, RBAC, and tested backups. Third-party immutable backups and left-shifted security practices are recommended to mitigate ransomware, insider threats, and accidental deletions.

Mon, November 17, 2025

Job-test malware campaign shifts to public JSON dropboxes

#BeaverTail #InvisibleFerret #Supply-Chain Incident #GitHub #GitLab #Data Exfil via Tools #Secrets Exposure

🔎 The Contagious Interview campaign is delivering trojanized coding tests that fetch heavily obfuscated JavaScript from public JSON-storage services such as JSON Keeper, JSONSilo, and npoint.io. When executed in a Node.js test run the payloads decode and install the BeaverTail infostealer and then stage the InvisibleFerret RAT. NVISO Labs warns attackers are abusing developer trust and legitimate platforms and recommends sandboxing, auditing config files, and blocking suspicious outbound requests.

Wed, October 29, 2025

SBOM Implementation: Eight Best Tools for Supply Chains

#SBOM #SCA #SPDX #CycloneDX #GitLab #Anchore #FOSSA #Mend

🔍 To secure modern software you must know what's inside it, and a Software Bill of Materials (SBOM) provides that transparency. An SBOM should be machine-readable, include component, version, license and patch data, and be generated automatically in CI/CD using standards like SPDX, CycloneDX or SWID. The article reviews eight tools — including Anchore, FOSSA, GitLab and Mend — that generate, analyze and manage SBOMs across the build, registry and runtime lifecycles.

Thu, October 2, 2025

Red Hat Confirms GitLab Breach Affecting Consulting

#Data Breach #Red Hat #GitLab #Data Leak

🔒 Red Hat confirmed a security incident after an extortion group calling itself the Crimson Collective claimed to have stolen nearly 570GB of compressed data from roughly 28,000 internal repositories in a GitLab instance used solely for consulting engagements. The group alleges the haul includes about 800 Customer Engagement Reports (CERs) that may contain infrastructure details, authentication tokens, and database URIs. Red Hat says it is remediating the issue, has not verified the attackers' specific claims, and believes its software supply chain and other services remain unaffected.