Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities

Both platforms serve as backbone infrastructure for remote work and software development, making these flaws particularly dangerous for business continuity.
ZDNet

GitLab fixes security issue that let anyone hijack custom domains

A security researcher hijacked hundreds of GitLab domains in just a few seconds by exploiting a weakness in how the company handles domain verification -- a security issue that the company has now ...
CSO Online

GitLab 2FA login protection bypass lets attackers take over accounts

The platform warns users of on-premises versions to upgrade to the latest versions; SaaS and web versions have been patched.
ZDNet

GitLab patches Elasticsearch private group data leak bug

A bug bounty researcher has been awarded $3000 for disclosing a security issue in GitLab leading to the exposure of private groups. The report was made public on the HackerOne bug bounty platform on ...