GitLab warns of high-severity 2FA bypass, denial-of-service flaws

GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its ...
CSO Online

GitLab 2FA login protection bypass lets attackers take over accounts

The platform warns users of on-premises versions to upgrade to the latest versions; SaaS versions have been patched.
Cybernews

Pharma corporation leaks 8M+ messages, employee records

South Korean pharma giant Boryung Corporation leaked 8 million internal messages and employee records via an exposed MongoDB ...

Chainlit AI framework bugs let hackers breach cloud environments

Two high-severity vulnerabilities in Chainlit, a popular open-source framework for building conversational AI applications, ...
The Hacker News

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Arctic Wolf reports automated attacks on FortiGate devices abusing FortiCloud SSO flaws to change firewall settings and steal ...
Security Boulevard

Enterprise-Grade Identity Verification for AI-Enhanced Workflows

Enterprise-grade identity verification is critical for AI-driven businesses to prevent fraud, ensure compliance, and secure digital identities across onboarding, access control, and automated ...

What’s a browser-in-browser attack? The key traits to know

This dirty hack can trick people into accidentally sharing sensitive info—like Facebook login credentials. Here’s how to ...

Millions of people imperiled through sign-in links sent by SMS

Websites that authenticate users through links and codes sent in text messages are imperiling the privacy of millions of people, leaving them vulnerable to scams, identity theft, and other crimes, ...
WinBuzzer

Hackers Breach Fortune 500 Companies Exploiting Security Testing Apps

Cybersecurity researchers from Pentera have discovered 1,926 vulnerable security training applications exposed online, with ...