Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed

December 12, 2024 at 11:09AM Byte Federal, the largest U.S. Bitcoin ATM operator, experienced a data breach affecting 58,000 customers due to a GitLab vulnerability. Sensitive information like names, social security numbers, and contact details were accessed. The company has secured its systems and urges customers to monitor for fraud but does not offer identity … Read more

Hackers Hide Remcos RAT in GitHub Repository Comments

October 9, 2024 at 05:06PM GitHub and GitLab are increasingly targeted for malicious activities, including a malware campaign using legitimate GitHub repositories and an exploit allowing unauthorized access to users in GitLab. Attackers leverage the platforms’ trusted reputations to deploy malware, highlighting significant security risks for organizations using these collaborative tools. ### Meeting Takeaways: 1. … Read more

Critical GitLab Bug Threatens Software Development Pipelines

June 28, 2024 at 04:52PM A critical GitLab vulnerability (CVE-2024-5655) allows an attacker to run a pipeline as another user. This affects versions 15.8 to 16.11.5 and 17.0 to 17.1.1. The updates address 14 security issues, with one critical, 9 medium, and 3 high severity. Exploiting this vulnerability poses a compliance risk and potential revenue … Read more

1,400 GitLab Servers Impacted by Exploited Vulnerability

May 2, 2024 at 08:09AM GitLab’s email verification vulnerability, tracked as CVE-2023-7028 and with a severity score of 10/10, allowed for password hijacking. GitLab has patched this issue in versions 16.5.6, 16.6.4, and 16.7.2. CISA warns of active exploitation and federal agencies must address vulnerable instances by May 22 under BOD 22-01. All organizations should … Read more

New Python-Based Snake Info Stealer Spreading Through Facebook Messages

March 7, 2024 at 03:33AM Threat actors are using Facebook messages to distribute the Python-based information stealer called Snake, aiming to capture sensitive data like credentials and cookies. The malware is designed to transmit harvested credentials to platforms like Discord, GitHub, and Telegram. It also targets Vietnamese users and reflects a concerning rise in account … Read more