The Register on MSN

OpenAI plugs ShadowLeak bug in ChatGPT that let miscreants raid inboxes

Radware says flaw enabled hidden email prompts to trick Deep Research agent into exfiltrating sensitive data ChatGPT's ...

Radware Uncovers First Zero-Click, Service-Side Vulnerability in ChatGPT

“This is the quintessential zero-click attack,” said David Aviv, chief technology officer at Radware. “There is no user action required, no visible cue and no way for victims to know their data has ...
CSO Online

Meet ShadowLeak: ‘Impossible to detect’ data theft using AI

Radware has created a zero-click indirect prompt injection technique that could bypass ChatGPT to trick OpenAI servers into ...
SecurityWeek

ChatGPT Targeted in Server-Side Data Theft Attack

The attack, dubbed ShadowLeak, targeted ChatGPT’s Deep Research capability, which is designed to conduct multi-step research ...
The Hacker News

ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent

ShadowLeak zero-click flaw in ChatGPT Deep Research leaks Gmail data via hidden HTML prompts, bypassing security ...
Infosecurity Magazine

Zero-Click Vulnerability in ChatGPT's Agent Enables Silent Gmail Data Theft

Researchers at Radware found a zero-click flaw in ChatGPT Deep Research agent when connected to Gmail and browsing ...

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

Today’s installment hits OpenAI’s Deep Research agent. Researchers recently devised an attack that plucked confidential information out of a user’s Gmail inbox and sent it to an attacker-controlled ...