45 matches found
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results and increases the...
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the...
AI Chatbots and Trust
All the leading AI chatbots are sycophantic, and that's a problem: Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And critically they couldn't tell the difference betwe...
Asking AI for personal advice is a bad idea, Stanford study shows
Stanford computer scientists just proved what therapists already suspected: AI chatbots will agree with almost anything you say to keep you happy. The researchers caught these systems validating dangerous decisions just to maintain user engagement. That's a worrying development, especially given...
CVE-2026-0847
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...
Poisoning AI Training Data
All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled "The best tech journalists at eating hot dogs." Every word is a lie. I claimed without evidence that competitive hot-dog-eating is a popular hobby among tech reporte...
Firefox Will Give Users an AI Kill Switch for Better Privacy
Not everyone wants AI in their browser. Firefox 148 is introducing easy toggles to disable chatbots and AI tab grouping. Discover how Mozilla is prioritising user choice and privacy in its latest 2026 update...
When Does a Chatbot Make Sense in Freshdesk and When It Doesn’t
Customer support teams adopt chatbots to reduce workload, shorten response times, and control costs. Freshdesk makes chatbot deployment…
Improving Cybercrime Detection and Digital Forensics Investigations with Artificial Intelligence
According to a recent EUROPOL report, cybercrime is still recurrent in Europe, and different activities and countermeasures must be taken to limit, prevent, detect, analyze, and fight it. Cybercrime must be prevented with specific measures, tools, and techniques, for example through automated...
EUVD-2024-37080
Malicious code in bioql PyPI...
Hidden Commands in Images Exploit AI Chatbots and Steal Data
Hidden commands in images can exploit AI chatbots, leading to data theft on platforms like Gemini through a…
Exploring User Security and Privacy Attitudes and Concerns toward the Use of General-Purpose LLM Chatbots for Mental Health
Individuals are increasingly relying on large language model (LLM)-enabled conversational agents for emotional support. While prior research has examined privacy and security issues in chatbots specifically designed for mental health purposes, these chatbots are overwhelmingly "rule-based," offering...
WordPress Chaport <= 1.1.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) vulnerability discovered by haudayroi - BlueRock in WordPress plugin Chaport versions <= 1.1.6...
Privacy and Security Threat for OpenAI GPTs
Large language models (LLMs) demonstrate powerful information handling capabilities and are widely integrated into chatbot applications. OpenAI provides a platform for developers to construct custom GPTs, extending ChatGPT's functions and integrating external services. Since its release in November...
CVE-2025-47777 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe...
PT-2025-21176 · Electron +1
Name of the Vulnerable Software and Affected Versions: 5ire versions prior to 0.11.1. Description: The issue is related to stored cross-site scripting in chatbot responses due to insufficient sanitization, which can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and expose...
A Proposal for Evaluating the Operational Risk for ChatBots Based on Large Language Models
The emergence of Generative AI (Gen AI) and Large Language Models (LLMs) has enabled more advanced chatbots capable of human-like interactions. However, these conversational agents introduce a broader set of operational risks that extend beyond traditional cybersecurity considerations. In this work, ...
A week in security (February 10 – February 16)
Last week on Malwarebytes Labs: A suicide reveals the lonely side of AI chatbots, with Courtney Brown (Lock and Code S06E03); Apple ordered to grant access to users' encrypted data; Phishing evolves beyond email to become latest Android app threat; Apple fixes zero-day vulnerability used in "extremely...
EmbedAI Security Vulnerability
EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. A security vulnerability exists in EmbedAI version 2.1 and prior versions that stems from improper access control...