GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

May 23, 2025

Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab’s artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites.
GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users to write,

Source: Read More

Previous ArticleCISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs

Next Article Danabot: Analyzing a fallen empire

Highlights

CVE-2025-32794 – OpenEMR Cross-Site Scripting (XSS) Vulnerability

May 23, 2025

CVE ID : CVE-2025-32794

Published : May 23, 2025, 4:15 p.m. | 2 hours, 37 minutes ago

Description : OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the First and Last Name fields during patient registration. This code is later executed when viewing the patient’s encounter under Orders → Procedure Orders. Version 7.0.3.4 contains a patch for the issue.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

I found the ultimate MacBook Air alternative for Windows users – and it’s priced well

Outdated IT help desks are holding businesses back – but there is a solution

Android’s latest update can force apps into dark mode – how to see it now

I tried the Google Pixel Watch 4 – and these key features made it feel indispensable

Building Cross-Platform Alerts with Laravel’s Notification Framework

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

How to install OpenPlatform — IoT platform

Basics of Digital Forensics

Basics of Digital Forensics

Top Linux Server Automation Tools: Simplifying System Administration

Rising from the Ashes: How AlmaLinux and Rocky Linux Redefined the Post-CentOS Landscape

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Best USB WiFi Adapter For Kali Linux 2023 [Updated September]

8 Best Free and Open Source NVIDIA GPU Monitoring Tools

Worried about ChatGPT saving your chat data? Don’t be – just click this one button

Learn Interactive Data Visualization with Svelte and D3

CVE-2025-32794 – OpenEMR Cross-Site Scripting (XSS) Vulnerability

From private to public: How a United Nations organization open sourced its tech in four steps

You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them

ABBYY’s new OCR API enables developers to more easily extract data from documents

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Related Posts