Attackers are actively exploiting an “old” vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The additional bad news is that at least half of the 60,000 internet-facing GitLab installations the company detects are not patched against this issue.

What are the attackers doing with these servers? Damian Menscher, a security reliability engineer responsible for DDoS defense at Google, says that some of them are used to generate DDoS attacks: