688 matches found
springboot-openai-chatgpt security vulnerability
springboot-openai-chatgpt is a SpringCloud microservices-based architecture by individual developer 274056675. A security vulnerability exists in springboot-openai-chatgpt that stems from improper authorization and could lead to remote attacks...
‘OpenAI’ Job Scam Targeted International Workers Through Telegram
An alleged job scam, led by “Aiden” from “OpenAI,” recruited workers in Bangladesh for months before disappearing overnight, according to FTC complaints obtained by WIRED...
⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple's Data Dilemma
Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection. Let these stories spark your interest and help you...
OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns
OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence (AI)-powered surveillance tool. The social media listening tool is said to likely originate from China and is powered by one of Meta's Llama models, with the accounts...
A week in security (February 3 – February 9)
Last week on Malwarebytes Labs: WhatsApp says Paragon is spying on specific users; New AI "agents" could hold people for ransom in 2025; Valley News Live exposed more than a million job seeker’s resumes; Small business owners, secure your web shop; University site cloned to evade ad detection...
20 million OpenAI accounts offered for sale
A cybercriminal acting under the moniker “emirking” offered 20 million OpenAI user login credentials this week, sharing what appeared to be samples of the stolen data itself. A translation of the Russian statement by the poster says: “When I realized that OpenAI might have to...
CVE-2024-6587
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified by `api_base`. This request...
API Security Is At the Center of OpenAI vs. DeepSeek Allegations
With a high-stakes battle between OpenAI and its alleged Chinese rival, DeepSeek, API security was catapulted to priority number one in the AI community today. According to multiple reports, OpenAI and Microsoft have been investigating whether DeepSeek improperly used OpenAI’s API to train its ow...
PT-2025-2247 · WordPress · Jobify
Name of the Vulnerable Software and Affected Versions: Jobify - Job Board WordPress Theme for WordPress versions up to, and including, 4.2.7 Description: The issue concerns unauthorized access and modification of data due to a missing capability check in the download image via ai and generate ima...
CVE-2024-53526
composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function...
CVE-2024-56516 free-one-api uses md5 for password storage
free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no...
PT-2024-36826 · Unknown · Free-One-Api
Name of the Vulnerable Software and Affected Versions: free-one-api versions up to and including 1.0.1 Description: The issue concerns the use of MD5, a cryptographically broken hashing algorithm, to hash passwords before sending them to the backend. This makes it vulnerable to collision attacks...
Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations
Italy's data protection authority has fined ChatGPT maker OpenAI €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users' information to train its...
Malicious code in openai-extension (npm)
Source: ossf-package-analysis (025855a4aad79b7f6961770b428612b04f28558b5aaa0eafd1590c9bd641dcc0). The OpenSSF Package Analysis project identified 'openai-extension' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...
MAL-2024-12097 Malicious code in openai-extension (npm)
Source: ossf-package-analysis (025855a4aad79b7f6961770b428612b04f28558b5aaa0eafd1590c9bd641dcc0). The OpenSSF Package Analysis project identified 'openai-extension' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...
ai.acolite:openai-agent-sdk (>=0.1.0 <=0.4.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0) +16301 more potentially affected by CVE-2024-12801 via ch.qos.logback:logback-core (>=1.4.0 <=1.5.12)
ch.qos.logback:logback-core MAVEN version =1.4.0, =0.1.0, =0.2.0, =0.114.0, =0.103.0, =0.114.0, =0.2.0, =0.8.0, =0.9.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664 =0....
Malicious code in openai-realtime-console (npm)
Source: ghsa-malware (63903b0e2f2b97ef7bde23b987c10da50353b221fdaa4036434af2c3c6e1ab47). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11838 Malicious code in openai-realtime-console (npm)
Source: ghsa-malware (63903b0e2f2b97ef7bde23b987c10da50353b221fdaa4036434af2c3c6e1ab47). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Sora and ChatGPT Currently Down Worldwide (UPDATED)
You are not alone, ChatGPT and Sora AI are down worldwide. OpenAI says it is aware of the…
Why Cybercriminals Are Not Necessarily Embracing AI
As published in HackerNoon and featured as a “Top 20 Best Read Article” for AI. Introduction: The rapid advancement of AI has offered powerful tools for malware detection, but it has also introduced new avenues for adversarial attacks. As an example, recently OpenAI reported threat actors abusing...