478 matches found
EUVD-2025-22334
Malicious code in bioql PyPI...
EUVD-2023-59396
Malicious code in bioql PyPI...
EUVD-2024-26139
Malicious code in bioql PyPI...
EUVD-2024-34800
Malicious code in bioql PyPI...
EUVD-2024-38530
Malicious code in bioql PyPI...
EUVD-2025-7563
Malicious code in bioql PyPI...
EUVD-2024-37627
Malicious code in bioql PyPI...
EUVD-2025-6656
Malicious code in bioql PyPI...
EUVD-2024-26129
Malicious code in bioql PyPI...
EUVD-2025-6631
Malicious code in bioql PyPI...
EUVD-2025-9434
Malicious code in bioql PyPI...
ChatGPT solves CAPTCHAs if you tell it they’re fake
If you’re seeing fewer or different CAPTCHA puzzles in the near future, that’s not because website owners have agreed that they’re annoying, but it might be because they no longer prove that the visitor is human. For those that forgot what CAPTCHA stands for: Completely Automated Public Turing te...
ShadowLeak Exploit Exposed Gmail Data Through ChatGPT Agent
Radware researchers revealed a service-side flaw in OpenAI's ChatGPT. The ShadowLeak attack had used indirect prompt injection to bypass defences and leak sensitive data, but the issue has since been fixed...
A week in security (September 15 – September 21)
Last week on Malwarebytes Labs: ChatGPT Deep Research zero-click vulnerability fixed by OpenAI Disrupted phishing service was after Microsoft 365 credentials Update your Chrome today: Google patches 4 vulnerabilities including one zero-day Age verification and parental controls coming to ChatGPT ...
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent
Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak sensitive Gmail inbox data with a single crafted email without any user action. The new class of attack has been codenamed ShadowLeak by Radware. Following...
MAL-2025-42192 Malicious code in @chatgptclaudeclub/claude-code (npm)
The package @chatgptclaudeclub/claude-code was found to contain malicious code...
AgentFlayer 0-click exploit abuses ChatGPT Connectors to Steal 3rd-party app data
AgentFlayer is a critical vulnerability in ChatGPT Connectors. Learn how this zero-click attack uses indirect prompt injection to…...
A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT
Security researchers found a weakness in OpenAI’s Connectors, which let you hook up ChatGPT to other services, that allowed them to extract data from a Google Drive without any user interaction...
OpenAI kills “short-lived experiment” where ChatGPT chats could be found on Google
A little-known ChatGPT "feature" is now gone. It could be a good thing. On X, OpenAI Chief Information Security Officer Dane Stuckey announced that OpenAI "removed a feature from ChatGPT that allowed users to make their conversations discoverable by search engines, such as Google." Stuckey called...
Browser Extensions Can Exploit ChatGPT, Gemini in ‘Man in the Prompt’ Attack
Man in the Prompt attack shows how browser extensions can exploit ChatGPT, Gemini and other AI tools to steal data or inject hidden prompts...