A critical GitLab bug (CVE-2023-7028) with a CVSS severity score of 10 is being actively exploited, allowing attackers to reset passwords, take over accounts, and steal source code. CISA urges patching because public exploits are available and warns of the threat to FCEB networks, emphasizing the need for swift mitigation and upgrade plans. It also stresses the importance of MFA, zero-trust architecture, privileged access management, and regular password rotation to counter such attacks, which affect companies storing proprietary data and source code.

Critical GitLab Bug Under Exploit Enables Account Takeover