Tag: openai

Kritische Sicherheitslücke CVE-2025-61260 in OpenAI Codex CLI

Dec 9, 2025 12:32 AM

Tags: bug, cve, cyberattack, openai

Kleiner Infosplitter, der mir von den Sicherheitsforschern von Check Point Research (CPR) zugegangen ist. Die sind kürzlich in OpenAIs Codex CLI auf die kritische Sicherheitslücke CVE-2025-61260 gestoßen. Diese ermöglichte Angriffe über lokale Projektdateien, stille Code-Ausführung, Infiltration und Datenklau. Was ist … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/09/kritische-sicherheitsluecke-cve-2025-61260-in-openai-codex-cli/
Keep AI browsers out of your enterprise, warns Gartner

Dec 8, 2025 7:33 PM

Tags: access, ai, chatgpt, ciso, communications, control, credentials, cybersecurity, data, endpoint, flaw, gartner, group, injection, macOS, network, openai, phishing, privacy, risk, unauthorized, update, vulnerability

Traditional controls inadequate: AI browsers can autonomously navigate websites, fill out forms, and complete transactions while authenticated to web resources. As he and his colleagues wrote in their report, this makes the AI browsers susceptible to new cybersecurity risks, “such as indirect prompt-injection-induced rogue agent actions, inaccurate reasoning-driven erroneous agent actions, and further loss and…
Keep AI browsers out of your enterprise, warns Gartner

Dec 8, 2025 7:33 PM

Tags: access, ai, chatgpt, ciso, communications, control, credentials, cybersecurity, data, endpoint, flaw, gartner, group, injection, macOS, network, openai, phishing, privacy, risk, unauthorized, update, vulnerability

Traditional controls inadequate: AI browsers can autonomously navigate websites, fill out forms, and complete transactions while authenticated to web resources. As he and his colleagues wrote in their report, this makes the AI browsers susceptible to new cybersecurity risks, “such as indirect prompt-injection-induced rogue agent actions, inaccurate reasoning-driven erroneous agent actions, and further loss and…
Kritische Lücke in OpenAI Codex CLI: Unsichtbarer Lieferketten-Angriff gefährdete Entwickler weltweit

Dec 8, 2025 5:32 PM

Tags: cyberattack, openai, software, tool

Die Security-Forscher von Check Point Research (CPR), der Analyseabteilung von Check Point Software Technologies Ltd. (NASDAQ: CHKP), haben eine schwerwiegende Verwundbarkeit im Command-Line-Tool OpenAI Codex CLI entdeckt. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/kritische-luecke-in-openai-codex-cli-unsichtbarer-lieferketten-angriff-gefaehrdete-entwickler-weltweit/a43095/
Schwachstelle in OpenAI-Codex-CLI ermöglicht kritische Remote-Code-Execution

Dec 8, 2025 2:32 PM

Tags: ai, openai, remote-code-execution, software, tool, vulnerability

Die Sicherheitsforscher von Check Point Research (CPR), der IT-Forensik von Check Point Software Technologies, haben eine schwerwiegende Schwachstelle in OpenAI-Codex-CLI entdeckt. Dabei handelt es sich um das Command-Line-Tool von OpenAI, das KI-gestützte Programmierfunktionen direkt in Entwickler-Workflows integriert. Die Schwachstelle ermöglichte Remote-Code-Execution (RCE) allein durch das Öffnen eines manipulierten Projektordners und ohne Interaktion oder Zustimmung des…
OpenAI denies rolling out ads on ChatGPT paid plans

Dec 7, 2025 10:33 PM

Tags: chatgpt, openai

ChatGPT is allegedly showing ads to those who pay $20 for the Plus subscription, but OpenAI says this is an app recommendation feature, not an ad. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/openai-denies-rolling-out-ads-on-chatgpt-paid-plans/
More evidence your AI agents can be turned against you

Dec 5, 2025 10:32 PM

Tags: ai, google, openai, programming, software, tool

Aikido found that AI coding tools from Google, Anthropic, OpenAI and others regularly embed untrusted prompts into software development workflows. First seen on cyberscoop.com Jump to article: cyberscoop.com/ai-coding-tools-can-be-turned-against-you-aikido-github-prompt-injection/
RCE flaw in OpenAI’s Codex CLI highlights new risks to dev environments

Dec 4, 2025 1:32 AM

Tags: access, ai, api, attack, automation, backdoor, cloud, exploit, flaw, google, malicious, open-source, openai, rce, remote-code-execution, risk, service, tool, vulnerability

Multiple attack vectors: For this flaw to be exploited, the victim needs to clone the repository and run Codex on it and an attacker needs to have commit access to the repo or have their malicious pull request accepted.”Compromised templates, starter repos, or popular open-source projects can weaponize many downstream consumers with a single commit,”…
OpenAI Codex CLI Flaw Allows Attackers to Run Arbitrary Commands

Dec 2, 2025 8:49 AM

Tags: ai, cve, cyber, flaw, openai, tool, vulnerability

OpenAI’s Codex CLI, a command-line tool designed to bring AI-powered reasoning into developer workflows, contains a critical vulnerability that allows attackers to execute arbitrary commands on developer machines without any user interaction or approval. Security researchers Isabel Mill and Oded Vanunu discovered the flaw, tracked as CVE-2025-61260, on December 1, 2025. Attribute Details CVE ID CVE-2025-61260…
OpenAI Codex CLI Flaw Allows Attackers to Run Arbitrary Commands

Dec 2, 2025 8:49 AM

Tags: ai, cve, cyber, flaw, openai, tool, vulnerability

OpenAI’s Codex CLI, a command-line tool designed to bring AI-powered reasoning into developer workflows, contains a critical vulnerability that allows attackers to execute arbitrary commands on developer machines without any user interaction or approval. Security researchers Isabel Mill and Oded Vanunu discovered the flaw, tracked as CVE-2025-61260, on December 1, 2025. Attribute Details CVE ID CVE-2025-61260…
Leak confirms OpenAI is preparing ads on ChatGPT for public roll out

Nov 29, 2025 12:49 PM

Tags: chatgpt, leak, openai

OpenAI is now internally testing ‘ads’ inside ChatGPT that could redefine the web economy. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/leak-confirms-openai-is-preparing-ads-on-chatgpt-for-public-roll-out/
OpenAI Suspends Mixpanel Use After Analytics Data Breach

Nov 28, 2025 7:49 PM

Tags: ai, api, breach, chatgpt, data, data-breach, intelligence, openai

ChatGPT Maker Probes Third-Party Data Breach; OpenAI API Users’ Information Exposed. OpenAI has temporarily ceased use of Mixpanel after the analytics firm disclosed a breach affecting profile data of the artificial intelligence giant’s API platform users. The company is notifying impacted organizations and watching for signs of data misuse. First seen on govinfosecurity.com Jump to…
OpenAI cuts off Mixpanel after analytics leak exposes API users

Nov 27, 2025 5:49 PM

Tags: api, breach, chatgpt, leak, openai

ChatGPT maker places other vendors under review following breach First seen on theregister.com Jump to article: www.theregister.com/2025/11/27/openai_mixpanel_api/
OpenAI admits data breach after analytics partner hit by phishing attack

Nov 27, 2025 4:49 PM

Tags: access, ai, api, attack, authentication, backdoor, breach, chatgpt, credentials, data, data-breach, email, governance, government, mfa, openai, password, phishing, risk

Name provided to OpenAI on the API account Email address associated with the API accountApproximate location based on API user browser (city, state, country)Operating system and browser used to access the API accountReferring websitesOrganization or User IDs associated with the API account”We proactively communicated with all impacted customers. If you have not heard from us directly,…
OpenAI-Dienstleister gehackt

Nov 27, 2025 4:49 PM

Tags: access, ai, api, chatgpt, cyberattack, mail, openai, password, phishing, social-engineering

Cyberkriminelle sind in das System des Datenanalyseanbieters von OpenAI eingedrungen.Laut einer Mitteilung von OpenAI haben sich Cyberkriminelle Anfang November Zugriff auf die Systeme des Analysedienst Mixpanel verschafft. Demnach wurden dabei Daten von API-Nutzern abgegriffen.Folgende Informationen sind möglicherweise davon betroffen:Name im API-Konto,E-Mail-Adressen, die mit dem API-Konto verknüpft sind,Ungefährer Standort basierend auf dem Browser des API-Nutzers (Stadt,…
OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

Nov 27, 2025 4:49 PM

Tags: cyberattack, data, data-breach, openai

OpenAI warns some users that a cyberattack on analytics firm Mixpanel may have exposed their data. Mixpanel is a product analytics platform that companies use to understand how people interact with their apps or websites. Many tech companies use Mixpanel to make data-driven decisions about features, performance, and customer journeys. OpenAI is alerting some users about…
OpenAI Reveals Mixpanel Data Breach Exposing User Details

Nov 27, 2025 3:49 PM

Tags: api, breach, cyber, data, data-breach, email, monitoring, openai, security-incident

OpenAI has publicly disclosed a security incident involving a data breach at Mixpanel, a third-party analytics provider previously used by the company for monitoring usage on its API platform. The breach exposed limited but sensitive user information, including names, email addresses, operating system details, and browser metadata. According to OpenAI, the incident originated within Mixpanel’s…
OpenAI Reveals Mixpanel Data Breach Exposing User Details

Nov 27, 2025 3:49 PM

Tags: api, breach, cyber, data, data-breach, email, monitoring, openai, security-incident

OpenAI has publicly disclosed a security incident involving a data breach at Mixpanel, a third-party analytics provider previously used by the company for monitoring usage on its API platform. The breach exposed limited but sensitive user information, including names, email addresses, operating system details, and browser metadata. According to OpenAI, the incident originated within Mixpanel’s…
OpenAI-Server über Dienstleister gehackt, API-Daten abgeflossen

Nov 27, 2025 1:49 PM

Tags: ai, api, openai

Der AI-Platzhirsch OpenAI wurde am 9. November 2025 über den Dienstleister Mixpanel gehackt. Wer die API-Dienste von OpenAI genutzt hat, sollte davon ausgehen, dass die Angreifer Name, den Standort, die Benutzer-ID und andere Informationen abgegriffen hat. Das ist gerade von … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/27/openai-server-ueber-dienstleister-gehackt-api-daten-abgeflossen/
OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected

Nov 27, 2025 1:49 PM

Tags: api, breach, chatgpt, data, data-breach, email, openai

OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser… First seen on hackread.com Jump to article: hackread.com/openai-api-mixpanel-data-breach-chatgpt/
Nutzerdaten abgeflossen: Dienstleister von OpenAI fällt auf Phishing-SMS rein

Nov 27, 2025 1:49 PM

Tags: chatgpt, openai, phishing, smishing

Bei dem Webanalyse-Dienstleister Mixpanel sind durch eine Smishing-Attacke Daten abgeflossen. Das betrifft auch Nutzer des ChatGPT-Entwicklers OpenAI. First seen on golem.de Jump to article: www.golem.de/news/datenleck-openai-dienstleister-faellt-auf-phishing-sms-rein-2511-202663.html
OpenAI discloses API customer data breach via Mixpanel vendor hack

Nov 27, 2025 12:49 PM

Tags: api, breach, chatgpt, data, data-breach, openai

OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-discloses-api-customer-data-breach-via-mixpanel-vendor-hack/
OpenAI Warns of Mixpanel Data Breach Impacting API Users

Nov 27, 2025 12:49 PM

Tags: api, breach, data, data-breach, openai

The breach may have exposed OpenAI API customers’ data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/openai-warns-mixpanel-data-breach/
Datenleck: OpenAI-Dienstleister fällt auf Phishing-SMS rein

Nov 27, 2025 12:49 PM

Tags: chatgpt, data-breach, openai, phishing, smishing

Bei dem Webanalyse-Dienstleister Mixpanel sind durch eine Smishing-Attacke Daten abgeflossen. Das betrifft auch Nutzer des ChatGPT-Entwicklers OpenAI. First seen on golem.de Jump to article: www.golem.de/news/datenleck-openai-dienstleister-faellt-auf-phishing-sms-rein-2511-202663.html
Von LLM generierte Malware wird immer besser

Nov 27, 2025 5:49 AM

Tags: cloud, exploit, LLM, malware, openai, threat, vmware

Forscher tricksen Chatbots aus, stoßen aber auf unzuverlässige Ergebnisse.Cyberkriminelle versuchen bereits seit geraumer Zeit, mit Hilfe von Large Language Models (LLM) ihre dunklen Machenschaften zu automatisieren. Aber können sie schon bösartigen Code generieren, der ‘marktreif” und bereit für den operativen Einsatz ist? Das wollten die Forschenden von Netskope Threat Labs herausfinden, indem sie Chatbots dazu…
AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
The Emergence of GPTPowered Ransomware and the Threat to IAM Systems

Nov 25, 2025 4:49 PM

Tags: cybersecurity, iam, malware, openai, ransomware, threat

The cybersecurity landscape is undergoing a profound transformation. Traditional malware, characterized by static code and predictable behaviors, is being eclipsed by a new breed of threats powered by advanced artificial intelligence. A notable example is the emergence of MalTerminal, a malware leveraging OpenAI’s GPT-4 to generate ransomware and reverse shells in real-time. This development marks..…
The Emergence of GPTPowered Ransomware and the Threat to IAM Systems

Nov 25, 2025 4:49 PM

Tags: cybersecurity, iam, malware, openai, ransomware, threat

The cybersecurity landscape is undergoing a profound transformation. Traditional malware, characterized by static code and predictable behaviors, is being eclipsed by a new breed of threats powered by advanced artificial intelligence. A notable example is the emergence of MalTerminal, a malware leveraging OpenAI’s GPT-4 to generate ransomware and reverse shells in real-time. This development marks..…
SesameOp: Neuartige Backdoor in OpenAI API für CC missbraucht

Nov 22, 2025 12:49 AM

Tags: api, backdoor, cyberattack, microsoft, openai

Sicherheitsforscher von Microsoft sind auf eine neuartige Backdoor in der OpenAI Assistant API gestoßen, und haben diese SesameOp genannt. Diese neuartige Backdoor, die von einem Angreifer verwendet wurde, nutzt die API des OpenAI Assistant, um Befehls- und Kontrollfunktionen für Cyberangriffe … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/22/sesameop-neuartige-backdoor-in-openai-api-fuer-cc-missbraucht/