• The latest 2025 Broadband Genie router security survey reveals alarming trends in network security awareness among internet users. This year’s results, while showing marginal improvements in some areas, underscore the persistent gap between knowing how to secure a network and actually taking action. The research team conducted their fourth comprehensive router security survey to compare […]

    The post Hackers Target 81% of Routers with Default Admin Passwords appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • A critical vulnerability in OpenAI’s newly launched ChatGPT Atlas browser enables attackers to inject malicious instructions into ChatGPT’s memory and execute remote code on user systems.

    This flaw, uncovered by LayerX, exploits Cross-Site Request Forgery (CSRF) to hijack authenticated sessions, potentially infecting devices with malware or granting unauthorized access. The discovery highlights escalating risks in agentic AI browsers, where integrated LLMs amplify traditional web threats.

    Reported to OpenAI under responsible disclosure protocols, the vulnerability affects ChatGPT users across browsers but poses heightened dangers for Atlas adopters due to its always-on authentication and weak phishing defenses.

    LayerX’s tests revealed that Atlas blocks only 5.8% of phishing attempts, compared to 47-53% for Chrome and Edge, making its users up to 90% more exposed. While OpenAI has not publicly detailed patches, experts urge immediate mitigations like enhanced token validation.

    How the CSRF Exploit Targets ChatGPT Memory

    The attack begins with a user logged into ChatGPT, storing authentication cookies or tokens in their browser. Attackers lure victims to a malicious webpage via phishing links, which then trigger a CSRF request leveraging the existing session.

    This forged request injects hidden instructions into ChatGPT’s “Memory” feature, designed to retain user preferences and context across sessions without explicit repetition.

    Unlike standard CSRF impacts like unauthorized transactions, this variant targets AI systems by tainting the LLM’s persistent “subconscious.”

    Once embedded, malicious directives activate during legitimate queries, compelling ChatGPT to generate harmful outputs such as remote code fetches from attacker-controlled servers. The infection persists across devices and browsers tied to the account, complicating detection and remediation.

    The attached diagram illustrates the attack flow: from credential hijacking to memory injection and remote execution.

    Atlas’s default login to ChatGPT keeps credentials readily available, streamlining CSRF exploitation without additional token phishing.

    LayerX evaluated Atlas against 103 real-world attacks, finding it permitted 94.2% to succeed, far worse than competitors like Perplexity’s Comet, which failed 93% in prior tests. This stems from the absence of built-in protections, turning the browser into a prime vector for AI-specific threats like prompt injection.

    Broader research echoes these concerns; Brave’s analysis of AI browsers, including Atlas, exposed indirect prompt injections that embed commands in webpages or screenshots, leading to data exfiltration or unauthorized actions.

    OpenAI’s agentic features, allowing autonomous tasks, exacerbate risks by granting the AI decision-making power over user data and systems.

    Proof-of-Concept: Malicious ‘Vibe Coding’

    In a demonstrated scenario, attackers target “vibe coding,” where developers collaborate with AI on high-level project intents rather than rigid syntax.

    Injected memory instructions subtly alter outputs, embedding backdoors or exfiltration code in generated scripts, such as pulling malware from a server like “server.rapture.”

    ChatGPT may issue subtle warnings, but sophisticated masking often evades them, allowing seamless delivery of tainted code. Users downloading these scripts risk system compromise, underscoring how AI flexibility invites abuse.

    This PoC aligns with emerging exploits in tools like Gemini, where similar injections access shared corporate data.

    As AI browsers proliferate, vulnerabilities like this demand robust safeguards beyond basic browser tech. Enterprises should prioritize third-party extensions for visibility, while users enable multi-factor authentication and monitor sessions.

    LayerX’s findings reinforce that without swift updates, Atlas could redefine AI security pitfalls.


    The post OpenAI Atlas Browser Vulnerability Allows Malicious Code Injection into ChatGPT appeared first on Cyber Security News.


  • Cybersecurity researchers have discovered a new vulnerability in OpenAI’s ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant’s memory and run arbitrary code. “This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware,” LayerX


  • In March 2025, security researchers at Kaspersky detected a sophisticated campaign exploiting a previously unknown Chrome vulnerability to deliver advanced spyware to high-profile targets. The attack, dubbed Operation ForumTroll, leveraged personalized phishing links to compromise organizations across Russia, including media outlets, universities, research centers, government agencies, and financial institutions. A single click on a malicious […]

    The post Critical Chrome 0-Day Under Attack: Mem3nt0 Mori Hackers Actively Exploiting Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Microsoft is actively probing a glitch in its Teams platform that’s disrupting text-to-speech features, leaving users frustrated during critical auto-attendant calls.

    The company confirmed the problem via its official Microsoft 365 Status account on X (formerly Twitter) on October 27, 2025, urging administrators to check incident TM1180557 in the admin center for updates.

    This outage highlights ongoing challenges in Microsoft’s cloud-based communication tools, which millions rely on for business operations.

    The issue specifically affects text-to-speech conversion in auto-attendant scenarios, where Teams is configured to handle incoming calls with automated voice responses.

    Users report that the functionality fails to process scripted messages, resulting in silent or incomplete greetings that derail customer service flows and internal communications.

    Early complaints surfaced on forums like Reddit and Microsoft’s community boards, with some organizations noting disruptions since early Monday.

    For enterprises using Teams as a primary VoIP solution, this means potential lost productivity and strained client interactions, especially in high-volume call centers.

    Microsoft’s status update indicates the investigation is underway, but no estimated resolution time has been provided. The glitch appears isolated to text-to-speech during auto-attendant use and does not impact core calling or video features.

    Still, it underscores vulnerabilities in AI-driven voice tech, which has become integral to hybrid work environments post-pandemic. This incident arrives amid Microsoft’s push to enhance Teams with advanced AI integrations, including Copilot for voice assistance.

    Analysts suggest the bug could stem from recent updates to the platform’s speech synthesis engine, possibly tied to compatibility issues with certain server configurations.

    Microsoft advises affected users to monitor the admin center and consider temporary workarounds, such as fallback to manual attendant scripts.

    As the probe continues, businesses are bracing for prolonged effects, with hopes for a swift patch to restore seamless operations.

    Update – Microsoft confirms the issue is fixed and the functionality is operational now.


    The post Microsoft Investigation Teams text-to-speech Functionality Issue Impacting Users – Update appeared first on Cyber Security News.


  • Qilin ransomware has emerged as one of the most devastating threats in the second half of 2025, operating at an alarming pace with over 40 victim disclosures per month on its public leak site.

    Originally tracked under the name Agenda before rebranding to Qilin around July 2022, this ransomware-as-a-service platform has evolved into a global menace affecting organizations across multiple continents and industrial sectors.

    The group’s dual-extortion model combines file encryption with data theft and public disclosure, creating compounded pressure on victims to pay extortion demands.

    Manufacturing represents the hardest-hit sector at 23% of all cases, trailed by professional services at 18%, while the United States faces the highest concentration of attacks.

    The threat landscape reveals Qilin’s sophisticated attack infrastructure spanning from initial access through data exfiltration to final encryption and persistence mechanisms.

    Cisco Talos analysts identified that attackers typically gain network entry through compromised VPN credentials sourced from dark web leaks, combined with the absence of multi-factor authentication protections.

    Initial intrusion via VPN (Source – Cisco Talos)

    Once inside victim networks, operators perform extensive reconnaissance using legitimate Windows utilities like nltest.exe and net.exe to map domain infrastructure and identify high-value targets.

    The investigation uncovered that Qilin operators employ a methodical data harvesting approach before deploying encryption payloads, allowing them to identify and exfiltrate the most sensitive company information before triggering system-wide encryption.

    Cisco Talos analysts identified a particularly ingenious technique where attackers leverage built-in Windows applications to locate sensitive files during the reconnaissance phase.

    The research reveals that artifact logs consistently show mspaint.exe and notepad.exe being executed to manually inspect and view high-sensitivity information across network storage systems.

    Rather than relying solely on automated file discovery scripts, operators use these seemingly innocuous applications to open and review files, perhaps to verify data quality before compression and exfiltration.

    This manual inspection approach allows attackers to prioritize the most valuable intellectual property, financial records, and confidential documents while avoiding common security signatures associated with automated data discovery tools.

    Dual-Encryptor Deployment Strategy

    The dual-encryptor deployment strategy further demonstrates operational sophistication within the Qilin ecosystem.

    The first variant, encryptor_1.exe, spreads laterally using PsExec across compromised hosts with administrator privileges and internal password specifications hardcoded into the binary.

    The second variant, encryptor_2.exe, operates from a single system to encrypt multiple network shares simultaneously, maximizing coverage and impact across distributed infrastructure.

    Before encryption initiates, operators establish persistence through scheduled tasks named TVInstallRestore and registry modifications under RUN keys, ensuring ransomware survives system reboots.

    The malware specifically targets critical infrastructure including Cluster Shared Volumes hosting Hyper-V virtual machines and databases while deliberately excluding system files required for boot functionality, a calculated approach ensuring victims cannot easily recover through operating system reinstallation.

    For data exfiltration, Qilin operators employ Cyberduck, an open-source file transfer utility that obscures malicious activity within legitimate cloud service traffic directed toward Backblaze servers.

    Before data departure, administrators deploy WinRAR with specialized parameters excluding base folders and disabling recursive subdirectory processing, creating optimized archive configurations.

    The combination of manual file inspection using standard Windows applications, sophisticated deployment tactics, and cloud-based exfiltration represents a mature threat operation demanding comprehensive detection and response capabilities from organizations worldwide.


    The post Qilin Ransomware Leveraging Mspaint and Notepad to Find Files with Sensitive Information appeared first on Cyber Security News.
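The Qilin behaviours described in the item above are individually unremarkable (notepad.exe and net.exe run everywhere), so a detection has to correlate them per host. The following is an added example, not code from Cisco Talos or the article: the event layout, stage labels, executable file names for WinRAR and Cyberduck, and the two-stage threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Tool and task names come from the article; stage labels, exact .exe names
# for WinRAR/Cyberduck and the correlation threshold are assumptions.
UNC = re.compile(r'\\\\[^\\\s"]+\\[^\s"]+')  # \\server\share\...

def stage_of(image, cmdline):
    """Map one process-creation event to a stage label, or None."""
    exe = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe in ("nltest.exe", "net.exe"):
        return "recon"
    if exe in ("mspaint.exe", "notepad.exe") and UNC.search(cmdline):
        return "file-inspection"  # viewer opened on a network path
    if exe.startswith("psexec"):
        return "lateral-movement"
    if exe == "schtasks.exe" and "tvinstallrestore" in cmdline.lower():
        return "persistence"
    if "winrar" in exe or "cyberduck" in exe:
        return "staging-exfil"
    return None

def triage(events, min_stages=2):
    """Return {host: sorted stages} for hosts showing >= min_stages stages."""
    seen = defaultdict(set)
    for host, image, cmdline in events:
        stage = stage_of(image, cmdline)
        if stage:
            seen[host].add(stage)
    return {h: sorted(s) for h, s in seen.items() if len(s) >= min_stages}

# Constructed sample events (host, Image, CommandLine); not real telemetry.
SAMPLE = [
    ("FS01", r"C:\Windows\System32\nltest.exe", r"nltest /dclist:corp.example"),
    ("FS01", r"C:\Windows\System32\notepad.exe", r'notepad.exe \\nas01\finance\payroll.txt'),
    ("FS01", r"C:\Windows\System32\mspaint.exe", r'mspaint.exe "\\nas01\hr\scan.png"'),
    ("FS01", r"C:\Windows\System32\schtasks.exe",
     r"schtasks /create /tn TVInstallRestore /tr C:\Temp\placeholder.exe /sc onstart"),
    ("WS22", r"C:\Windows\System32\notepad.exe", r"notepad.exe C:\Users\alice\todo.txt"),
    ("WS23", r"C:\Windows\System32\net.exe", r"net use"),
]

if __name__ == "__main__":
    for host, stages in triage(SAMPLE).items():
        print(host, "->", ", ".join(stages))
```

Only FS01 is reported: the local notepad.exe use on WS22 and the lone net.exe call on WS23 stay below the threshold.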


  • As iOS 26 is being rolled out, a critical forensic challenge has emerged: the operating system now automatically overwrites the shutdown.log file on every reboot, effectively erasing crucial evidence of Pegasus and Predator spyware infections. This development represents a significant setback for forensic investigators and users seeking to determine whether their devices have been compromised—particularly […]

    The post iOS 26 Overwrites ‘shutdown.log’ on Reboot, Erasing Forensic Evidence of Pegasus and Predator Spyware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
