GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

May 23, 2025

Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab’s artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites.
GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users to write,

Source: Read More

Previous ArticleCISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs

Next Article Danabot: Analyzing a fallen empire

Highlights

CVE-2025-49130 – Laravel Translation Manager Stored Cross-Site Scripting Vulnerability

June 9, 2025

CVE ID : CVE-2025-49130

Published : June 9, 2025, 1:15 p.m. | 2 hours, 25 minutes ago

Description : Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user’s browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Only authenticated users with access to the translation manager are impacted. The issue is fixed in version 0.6.8.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Droip: The Modern Website Builder WordPress Needed

Last week in AI dev tools: Cloudflare blocking AI crawlers by default, Perplexity Max subscription, and more (July 7, 2025)

Infragistics Launches Ultimate 25.1 With Major Updates to App Builder, Ignite UI

Design Guidelines For Better Notifications UX

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

This 360Hz QD-OLED monitor is more than magnificent — and it’s $280 off right now

Diablo 4, one of Blizzard’s best Xbox games, is now 64% off — a devilish Anti-Amazon Prime Day discount that’s worth taking over Amazon’s deals

“One of the best and most premium charging accessories” — Razer Universal Quick Charging Stand for Xbox is 40% off

AI and Digital Trends Marketing and IT Leaders Need to Know

AI and Digital Trends Marketing and IT Leaders Need to Know

Blade Authorization Directives for View Security

Laravel AI Chat Starter Kit

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

This 360Hz QD-OLED monitor is more than magnificent — and it’s $280 off right now

Diablo 4, one of Blizzard’s best Xbox games, is now 64% off — a devilish Anti-Amazon Prime Day discount that’s worth taking over Amazon’s deals

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Introducing Gemma 3

Experiment with Gemini 2.0 Flash native image generation

50+ Best Branding Identity Mockup Templates for Designers

CVE-2022-47111 – 7-Zip XZ File Format Parsing Vulnerability

DDoS-for-Hire Empire Dismantled as Poland Arrests Four, U.S. Seizes Nine Domains

How Apple’s biggest potential acquisition ever could perplex AI rivals like Google

CVE-2025-49130 – Laravel Translation Manager Stored Cross-Site Scripting Vulnerability

Forget Siri: Elon Musk’s Grok Just Took Over Your iPhone

CVE-2025-49154 – Trend Micro Apex One, Trend Micro Worry-Free Business Security Memory Corruption Vulnerability

The MIT-Portugal Program enters Phase 4

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Related Posts