Comment on Maximum-severity GitLab flaw allowing account hijacking under active exploitation

autotldr@lemmings.world [bot] 1 week ago

This is the best summary I could come up with:


A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under active exploitation, federal government officials warned as data showed that thousands of users had yet to install a patch released in January.

The move was designed to permit resets when users didn’t have access to the email address used to establish the account.

While exploits require no user interaction, hijackings work only against accounts that aren’t configured to use multifactor authentication.

By hacking a single, carefully selected target, attackers gain the means to infect thousands of downstream users, often without requiring them to take any action at all.

According to Internet scans performed by security organization Shadowserver, more than 2,100 IP addresses showed they were hosting one or more vulnerable GitLab instances.

The agency made no mention of MFA, but any GitLab users who haven’t already done so should enable it, ideally with a form that complies with the FIDO industry standard.


The original article contains 415 words, the summary contains 161 words. Saved 61%. I’m a bot and I’m open source!
