Post Syndicated from original https://lwn.net/Articles/875154/rss

The Record is reporting
on massive exploitation of an oldish vulnerability in GitLab instances.

While the purpose of these attacks remained unclear for HN
Security, yesterday, Google’s Menscher said the hacked servers were
part of a botnet comprising of “thousands of compromised GitLab
instances” that was launching large-scale DDoS attacks.

The vulnerability was fixed
in April, but evidently a lot of sites have not updated.