Marketed as ChatGPT enhancement and productivity tools, the extensions allow the threat actor to access the victim’s ChatGPT data.
The post Chrome, Edge Extensions Caught Stealing ChatGPT Sessions appeared first on SecurityWeek.
‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT
Radware bypassed ChatGPT’s protections to exfiltrate user data and implant a persistent logic into the agent’s long-term memory.
The post ‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT appeared first on SecurityWeek.
ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure
A researcher found a way to exploit an SSRF vulnerability related to custom GPTs to obtain an Azure access token.
The post ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure appeared first on SecurityWeek.
Researchers Hack ChatGPT Memories and Web Search Features
Tenable researchers discovered seven vulnerabilities, including ones affecting the latest GPT model.
The post Researchers Hack ChatGPT Memories and Web Search Features appeared first on SecurityWeek.
ChatGPT Atlas’ Omnibox Is Vulnerable to Jailbreaks
Researchers have discovered that a prompt can be disguised as an url, and accepted by Atlas as an url in the omnibox.
The post ChatGPT Atlas’ Omnibox Is Vulnerable to Jailbreaks appeared first on SecurityWeek.
ChatGPT Tricked Into Solving CAPTCHAs
The AI agent was able to solve different types of CAPTCHAs and adjusted its cursor movements to better mimic human behavior.
The post ChatGPT Tricked Into Solving CAPTCHAs appeared first on SecurityWeek.
ChatGPT Deep Research Targeted in Server-Side Data Theft Attack
OpenAI has fixed this zero-click attack method called by researchers ShadowLeak.
The post ChatGPT Deep Research Targeted in Server-Side Data Theft Attack appeared first on SecurityWeek.
ChatGPT’s Calendar Integration Can Be Exploited to Steal Emails
Researchers show how a crafted calendar invite can trigger ChatGPT to exfiltrate sensitive emails.
The post ChatGPT’s Calendar Integration Can Be Exploited to Steal Emails appeared first on SecurityWeek.
GPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe Models
Instead of GPT-5 Pro, your query could be quietly redirected to an older, weaker model, opening the door to jailbreaks, hallucinations, and unsafe outputs.
The post GPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe Models appeared first on SecurityWeek.
Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ for Enterprise
Researchers demonstrate how multi-turn “storytelling” attacks bypass prompt-level filters, exposing systemic weaknesses in GPT-5’s defenses.
The post Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ for Enterprise appeared first on SecurityWeek.