chatgpt

ChatGPhish: The Page Is the Payload

Researchers discovered a new phishing and tracking attack called ChatGPhish that exploits ChatGPT's page summarization feature by injecting malicious Markdown links and images into web pages. When users summarize such pages in ChatGPT, the assistant renders active clickable links, spoofed alerts, and QR codes within its trusted interface, enabling phishing, cross-origin data leakage, and off-device attacks without traditional browser protections. This expands the attack surface from email to everyday browsing, highlighting risks in AI-generated outputs that automatically render untrusted external content inside trusted AI interfaces.

https://permiso.io/blog/chatgpt-markdown-rendering-vulnerability

ChatGPT Data Leakage Via a Hidden Outbound Channel in the Code Execution Runtime

Check Point Research discovered a hidden outbound communication channel in ChatGPT's isolated code execution runtime that could silently exfiltrate sensitive user data without approval or notification. This vulnerability allowed a malicious prompt or backdoored GPT to leak user messages, uploaded files, and even establish remote shell access via DNS tunneling, bypassing OpenAI's intended safeguards designed to restrict external data transfer. OpenAI confirmed the issue and deployed a fix, highlighting the importance of securing all communication paths in AI systems that handle sensitive information.

https://research.checkpoint.com/2026/chatgpt-data-leakage-via-a-hidden-outbound-channel-in-the-code-execution-runtime/

I Hacked ChatGPT and Google’s AI – And It Only Took 20 Minutes

User hacked ChatGPT and Google's AI in 20 minutes. Demonstrated that AI tools can easily be manipulated to spread misinformation, even about serious topics. Created a fake ranking of “best tech journalists at eating hot dogs,” and AI accepted it as fact. Experts say AI is now easier to trick, raising concerns about misinformation's impact on public safety. Solutions include enhancing disclaimers and promoting critical thinking when using AI for information.

https://www.bbc.co.uk/future/article/20260218-i-hacked-chatgpt-and-googles-ai-and-it-only-took-20-minutes

Scam-checking Just Got Easier: Malwarebytes Is Now in ChatGPT

Malwarebytes integrates with ChatGPT to help users identify scams quickly. By asking “Malwarebytes, is this a scam?”, users receive informed answers and risk assessments on suspicious texts, emails, and links, backed by real-time threat intelligence. This tool helps streamline cybersecurity checks without jargon, offering guidance and practical next steps to enhance safety online.

https://www.malwarebytes.com/blog/product/2026/02/scam-checking-just-got-easier-malwarebytes-is-now-in-chatgpt

The AMOS Infostealer Is Piggybacking ChatGPT’s Chat-sharing Feature

Cybercriminals are spreading the AMOS (Atomic MacOS Stealer) infostealer using convincing Google ads and ChatGPT’s chat-sharing feature. Victims are directed to a legitimate-looking chatgpt.com page showing a fake guide to installing the non-existent Atlas browser for macOS. The guide instructs users to run a terminal command, which downloads malware, steals passwords, browser, and wallet data, and installs a persistent backdoor. Users are advised to avoid running terminal commands from untrusted sources, use trusted security solutions, and seek expert advice if instructions seem suspicious.

https://www.kaspersky.com/blog/share-chatgpt-chat-clickfix-macos-amos-infostealer/54928/

Scroll to Top