CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

EUVD-2026-34776

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

CVE-2026-11326

OpenAI Atlas prior to 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could access these APIs, enabling access to browser history and the ability to open or close tabs. Atlas 1.2025.288.15 narrows API a...

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands –...

ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands

The newly released OpenAI ChatGPT Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to visit. "The omnibox combined address/search bar interprets input either as a URL to...