355
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
(www.bleepingcomputer.com)
This is a most excellent place for technology news and articles.
If you have to use your GitHub 2fa to sign in that's fine I would assume.
This isn't necessarily true. If you are using an identity provider, you can still perform a password reset on GitLab and set a password there, bypassing your 2FA on GitHub. You usually shouldnt rely on IdP 2FA unless the destination system enforces IdP signin every time. There is a group setting in GitLab that does that, but it will only apply for that group.
Okay, thanks!