Red Hat GitLab Breach Exposes 28,000 Repositories: Urgent Action Required
On October 3, 2025, Red Hat confirmed a critical breach of a GitLab instance used by its consulting services. The attackers claimed to have stolen approximately 570 GB of data from more than 28,000 private repositories. The stolen material may include sensitive network details, authentication tokens, and other critical data, which poses a significant risk to organizations that have engaged Red Hat Consulting. The incident not only jeopardizes the integrity of the affected repositories but also sets a worrying precedent for the security of consulting platforms. Organizations are urged to assess their interactions with Red Hat and reinforce their security controls accordingly. For more information, see the SANS report.
Also In Security Today
- Milesight Router Exploitation: Cybercriminals are exploiting vulnerabilities in Milesight industrial cellular routers to launch phishing SMS campaigns across Europe. Around 18,000 routers are currently publicly accessible, putting many at risk. (Source: DIESEC)
- Google's Corporate Extortion Campaign: Google disclosed an extensive email extortion campaign targeting corporate executives, linked to the Cl0p ransomware gang. The attackers claim to have stolen sensitive data from Oracle, but verification remains pending. (Source: DIESEC)
- CISA Vulnerability Alerts: CISA has added multiple vulnerabilities to its Known Exploited Vulnerabilities catalog, underscoring urgent risks associated with products from SolarWinds and Ivanti. Organizations should take immediate action to patch these vulnerabilities. (Source: The Hacker News)
Analyst's Take
Today's breach at Red Hat points to a critical failure in securing development environments and underscores the need for robust access controls and monitoring. As threat actors continue to exploit vulnerabilities in both software and hardware, defenders must prioritize securing APIs and conducting regular audits of their environments. The rise in phishing campaigns targeting corporate executives highlights the need for comprehensive employee training and awareness programs. Organizations should not only patch known vulnerabilities but also strengthen their threat detection capabilities to prevent future incidents.