-
OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names using hidden Unicode command injection flaw.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are now abusing Google’s Firebase App Distribution service to push fake Android ChatGPT and Meta advertising apps that steal Facebook credentials and enable account takeover. The operation closely mirrors a recent iOS phishing campaign th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI has confirmed that Chinese-linked operators misused ChatGPT as part of a broader campaign that blended cyber operations, online harassment, and covert influence tactics, according to its latest threat report “Disrupting malicious uses of AI.” …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OAuth consent attacks in Microsoft Entra ID are giving threat actors a stealthy path to cloud email, and even trusted apps like ChatGPT can become a vehicle if permissions are abused. In this hypothetical case, a user in an Entra ID tenant adds the leg…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A technical mistake in the popular Chat & Ask AI app has left 300 million private messages from 25 million users exposed online. Discover what happened and how you can protect your personal data when using AI chatbots.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are abusing shareable ChatGPT and Grok conversations and pushing them with Google Search ads to trick macOS users into running Terminal commands that install the Atomic macOS Stealer (AMOS). This campaign shows how attackers now blend soc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI has unveiled Trusted Access for Cyber, a new identity- and trust-based framework designed to enhance cybersecurity defenses while mitigating risks posed by its most advanced AI models. The initiative centers on GPT-5.3-Codex, OpenAI’s most…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A coordinated campaign of 16 malicious GPT optimisers has been caught hijacking ChatGPT accounts. These tools steal session tokens to access private chats, Slack, and Google Drive files.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Advanced large language models can autonomously develop working exploits for zero-day vulnerabilities, marking a significant shift in the offensive cybersecurity landscape. The research demonstrates that artificial intelligence systems can now perform …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
