PT-2026-1715

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.5 through 18.5.4 GitLab EE versions 18.6 through 18.6.2 GitLab EE versions 18.7 through 18.7.0 Description An authenticated user could modify instance-wide AI feature provider settings due to missing authorization checks ...

BIT-GITLAB-2025-2867 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...

The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01)

This week on the Lock and Code podcast … The era of artificial intelligence everything is here, and with it, come everyday surprises into exactly where the next AI tools might pop up. There are major corporations pushing customer support functions onto AI chatbots, Big Tech platforms offering AI...

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now!

Apple has released security updates for many of its products in order to patch several vulnerabilities that could allow an attacker to steal sensitive information from a locked device. Included in the patches for Apple Watch, iOS, and iPadOS are four vulnerabilities in Siri. While your device is...