Tag: chatgpt
-
‘Severe’ bug in ChatGPT’s API could be used to DDoS websites
The vulnerability, described by a researcher as “bad programming,” allows an attacker to send unlimited connection requests through ChatGPT’s API. First seen on cyberscoop.com Jump to article: cyberscoop.com/ddos-openai-chatgpt-api-vulnerability-microsoft/
-
ChatGPT-Lücke ermöglicht DDoS-Attacken
srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?quality=50&strip=all 3696w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=768%2C432&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=1024%2C576&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=1536%2C864&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=2048%2C1152&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px”>Über eine HTTP-Anfrage an die ChatGPT-API können Angreifer eine Zielwebseite mit Tausenden Netzwerkanfragen bombardieren. miss.cabul Shutterstock.comDer Sicherheitsforscher Benjamin Flesch hat kürzlich herausgefunden, dass eine Lücke im ChatGPT-Crawler für…
-
ChatGPT API flaws could allow DDoS, prompt injection attacks
OpenAI-owned ChatGPT might have a vulnerability that could allow threat actors to launch distributed denial of service (DDoS) attacks on unsuspecting targets. According to a discovery made by German security researcher Benjamin Flesch, the ChatGPT crawler, which OpenAI uses to collect data from the internet to improve ChatGPT, can be tricked into DDoSing arbitrary websites. “ChatGPT crawler…
-
Almost 10% of GenAI Prompts Include Sensitive Data: Study
A study by cybersecurity startup Harmonic Security found that 8.5% of prompts entered into generative AI models like ChatGPT, Copilot, and Gemini last year included sensitive information, putting personal and corporate data at risk of being leaked. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/almost-10-of-genai-prompts-include-sensitive-data-study/
-
Researchers Used ChatGPT to Discover S3 Bucket Takeover Vulnerability in Red Bull
Bug bounty programs have emerged as a critical avenue for researchers to identify vulnerabilities in digital platforms. One such success story involves a recent discovery made within the Red Bull bug bounty program, where a security researcher utilized ChatGPT to craft a domain monitoring script that ultimately led to the identification of a significant Amazon…
-
ChatGPT Crawler Vulnerability Abused to Trigger Reflexive DDoS Attacks
Security researchers have uncovered a severe vulnerability in OpenAI’s ChatGPT API, allowing attackers to exploit its architecture for launching Reflective Distributed Denial of Service (DDoS) attacks. This loophole, characterized by a high severity CVSS score of 8.6, raises significant concerns regarding the scalability and security of AI services deployed on cloud platforms, specifically Microsoft’s Azure.…
-
Forscher deckt auf: ChatGPT lässt sich für DDoS-Angriffe missbrauchen
Eine ChatGPT-API scheint bereitwillig eine lange Liste von Links zur gleichen Webseite anzunehmen – und diese anschließend ungebremst abzufragen. First seen on golem.de Jump to article: www.golem.de/news/forscher-deckt-auf-chatgpt-laesst-sich-fuer-ddos-angriffe-missbrauchen-2501-192565.html
-
How organizations can secure their AI code
Tags: ai, application-security, awareness, backdoor, breach, business, chatgpt, ciso, compliance, control, credentials, crime, cybersecurity, data, data-breach, finance, github, healthcare, LLM, malicious, ml, open-source, organized, programming, risk, risk-management, software, startup, strategy, supply-chain, technology, tool, training, vulnerabilityIn 2023, the team at data extraction startup Reworkd was under tight deadlines. Investors pressured them to monetize the platform, and they needed to migrate everything from Next.js to Python/FastAPI. To speed things up, the team decided to turn to ChatGPT to do some of the work. The AI-generated code appeared to function, so they…
-
OpenAI’s ChatGPT crawler can be tricked into DDoSing sites, answering your queries
The S in LLM stands for Security First seen on theregister.com Jump to article: www.theregister.com/2025/01/19/openais_chatgpt_crawler_vulnerability/
-
Employees Enter Sensitive Data Into GenAI Prompts Far Too Often
The propensity for users to enter customer data, source code, employee benefits information, financial data, and more into ChatGPT, Copilot, and others is racking up real risk for enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts
-
AI Privacy Policies: Unveiling the Secrets Behind ChatGPT, Gemini, and Claude
Do you ever read the privacy policy of your favorite AI tools like ChatGPT, Gemini, or Claude? In this episode, Scott Wright and Tom Eston discuss the critical aspects of these policies, comparing how each AI engine handles your personal data. They explore the implications of data usage, security, and privacy in AI, with insights……
-
Stay on top of tech: five ways to take back control, from emails to AI
Is tech calling the shots in your life? From making AI work smarter to tracking stolen phones, our expert explains how to get aheadAsking ChatGPT to write your emails is so two years ago. Generative AI tools are now going beyond the basic text-prompt phase. Take Google’s <a href=”https://notebooklm.google/”>NotebookLM, an experimental “AI research assistant” that…
-
SOAR buyer’s guide: 11 security orchestration, automation, and response products, and how to choose
Tags: access, ai, api, attack, automation, business, chatgpt, cisco, cloud, compliance, container, cybersecurity, data, detection, edr, endpoint, firewall, fortinet, gartner, google, group, guide, Hardware, ibm, incident response, infrastructure, intelligence, jobs, LLM, malware, mandiant, marketplace, microsoft, mitigation, monitoring, network, okta, risk, saas, security-incident, service, siem, soar, soc, software, technology, threat, tool, training, vulnerability, vulnerability-management, zero-daySecurity orchestration, automation, and response (SOAR) has undergone a major transformation in the past few years. Features in each of the words in its description that were once exclusive to SOAR have bled into other tools. For example, responses can be found now in endpoint detection and response (EDR) tools. Orchestration is now a joint…
-
Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting
Tags: ai, api, apt, attack, bug-bounty, business, chatgpt, cloud, computing, conference, credentials, cve, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, email, exploit, finance, firewall, flaw, framework, github, government, group, guide, hacker, hacking, incident response, injection, LLM, malicious, microsoft, open-source, openai, penetration-testing, programming, rce, RedTeam, remote-code-execution, service, skills, software, sql, tactics, threat, tool, training, update, vulnerability, waf, zero-dayGenerative AI has had a significant impact on a wide variety of business processes, optimizing and accelerating workflows and in some cases reducing baselines for expertise.Add vulnerability hunting to that list, as large language models (LLMs) are proving to be valuable tools in assisting hackers, both good and bad, in discovering software vulnerabilities and writing…
-
12 cybersecurity resolutions for 2025
Tags: advisory, ai, api, attack, awareness, breach, business, ceo, chatgpt, china, ciso, communications, control, crowdstrike, cyber, cyberattack, cybersecurity, data, data-breach, deep-fake, defense, detection, email, identity, insurance, jobs, law, malicious, phishing, ransomware, risk, risk-assessment, risk-management, strategy, supply-chain, technology, threat, tool, training, vulnerabilityAs cyber threats continue to evolve, CISOs must prepare for an increasingly complex threat landscape. From dealing with AI-driven attacks to managing changing regulatory requirements, it’s clear that 2025 will be another big year for CISOs.But staying ahead requires more than just implementing the next cutting-edge set of tools or technologies. It demands a shift…
-
ETH Zürich prüft nach – Wie gesetzestreu sind ChatGPT und andere KI-Modelle?
First seen on security-insider.de Jump to article: www.security-insider.de/eth-zurich-forschung-ki-modelle-eu-ai-act-a-0de4f62bf6c8000f560f76c1023f4088/
-
Italy’s data protection watchdog fined OpenAI Euro15 million over ChatGPT’s data management violations
Italy’s data protection watchdog fined OpenAI Euro15 million for ChatGPT’s improper collection of personal data. Italy’s privacy watchdog, Garante Privacy, fined OpenAI Euro15M after investigating ChatGPT’s personal data collection practices. The Italian Garante Priacy also obliges OpenAI to conduct a six-month informational campaign over ChatGPT’s data management violations. The decision stems from a March 2023…
-
Italy’s Privacy Watchdog Fines OpenAI for ChatGPT’s Violations in Collecting Users Personal Data
Italy’s data protection watchdog fined OpenAI 15 million euros ($15.6 million) after wrapping up a probe into collection of personal data. The post Italy’s Privacy Watchdog Fines OpenAI for ChatGPT’s Violations in Collecting Users Personal Data appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/italys-privacy-watchdog-fines-openai-for-chatgpts-violations-in-collecting-users-personal-data/
-
Italy Fines OpenAI Euro15 Million for ChatGPT GDPR Data Privacy Violations
Italy’s data protection authority has fined ChatGPT maker OpenAI a fine of Euro15 million ($15.66 million) over how the generative artificial intelligence application handles personal data.The fine comes nearly a year after the Garante found that ChatGPT processed users’ information to train its service in violation of the European Union’s General Data Protection Regulation (GDPR).The…
-
PentestGPT A ChatGPT Powered Automated Penetration Testing Tool
GBHackers come across a new ChatGPT-powered Penetration testing Tool called >>PentestGPT>GreyDGL,
-
Italy’s Data Protection Watchdog Issues Euro15m Fine to OpenAI Over ChatGPT Probe
OpenAI must also initiate a six-month public awareness campaign across Italian media, explaining how it processes personal data for AI training First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/italy-15m-fine-to-openai-chatgpt/
-
Navigating the New Era of AI Traffic: How to Identify and Block AI Scrapers
In the not-so-distant past, webmasters faced challenges from bots like Google’s search spiders, which diligently scanned websites to index content and provide the best search results for users. Fast forward to today, and we are witnessing a new breed of bot: Large Language Models (LLMs) like ChatGPT and Claude. These AI models are not just……
-
Platforms are the Problem
Tags: ai, breach, business, chatgpt, cloud, cyber, cybercrime, cybersecurity, data, defense, detection, finance, firewall, fraud, infrastructure, intelligence, LLM, network, saas, service, technology, threat, toolA better path forward for cybersecurity Why is it that cybersecurity is struggling to keep pace with the rapidly evolving threat landscape? We spend more and more, tighten our perimeters, and still there are trillions of dollars being lost to cybercrime and cyber attacks. Setting aside the direct costs to individuals and businesses, and the…
-
Time of Reckoning Reviewing My 2024 Cybersecurity Predictions
Tags: ai, attack, automation, awareness, breach, business, chatgpt, china, compliance, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, disinformation, election, espionage, exploit, healthcare, incident response, infrastructure, jobs, law, linkedin, malware, monitoring, moveIT, phishing, privacy, ransomware, regulation, risk, russia, service, software, supply-chain, technology, threat, tool, ukraine, update, vulnerability, warfare, zero-dayThe brutal reality is that cybersecurity predictions are only as valuable as their accuracy. As 2024 comes to a close, I revisit my forecasts to assess their utility in guiding meaningful decisions. Anyone can make predictions (and far too many do), but actually being correct is another matter altogether. It is commonplace for security companies…
-
Sora and ChatGPT Currently Down Worldwide (UPDATED)
You are not alone, ChatGPT and Sora AI are down worldwide. OpenAI says it is aware of the… First seen on hackread.com Jump to article: hackread.com/sora-chatgpt-down-worldwide-openai-working-on-fix/
-
Sora and ChatGPT Currently Down Worldwide: OpenAI Working on a Fix
You are not alone, ChatGPT and Sora AI are down worldwide. OpenAI says it is aware of the… First seen on hackread.com Jump to article: hackread.com/sora-chatgpt-down-worldwide-openai-working-on-fix/