CSOonline

Prompt injection flaws in GitLab Duo highlights risks in AI assistants

Researchers managed to trick GitLab’s AI-powered coding assistant to display malicious content to users and leak private source code by injecting hidden prompts in code comments, commit messages and ...
TechRepublic

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’ Your email has been sent A remote prompt injection flaw in GitLab Duo allowed attackers ...
Dark Reading

GitLab's AI Assistant Opened Devs to Code Theft

An indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant could have allowed attackers to steal source code, direct victims to malicious websites, and more. In fact, ...
InfoQ

Analysis and Mitigation of NoSQL Injections

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
eWeek

JavaScript Injection Attacks Hit .Gov Targets

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. Malware researchers have flagged a massive outbreak of ...
Lifehacker

This Tool Checks If In-App Browsers Are Tracking You

In-app browsers are bunk compared to full-featured browsing apps, but they’re also a major privacy and security risk. Many apps sneak data trackers onto websites you visit through their in-app browser ...
CSOonline

Facebook porn attack caused by self-inflicted JavaScript injection, researcher says

I came across an interesting analysis of the recent, pornographic Facebook spam attack written by Mike Geide, senior security researcher at Zscaler ThreatLabZ. In a blog post, he writes that the ...