Tag: openai

Beschuldigung als Kindermörder: noyb reicht 2. Beschwerde gegen OpenAI ein

Mar 24, 2025 5:13 AM

Tags: ai, chatgpt, openai

Datenschutzaktivisten von noyb haben eine zweite Beschwerde gegen OpenAI eingereicht. Der Hintergrund ist, das ChatGPT bei einem Norweger eine Fake-Story erfunden hat, die den Mann fälschlich als Kindermörder darstellte. Der rasante Aufstieg von KI-Chatbots wie ChatGPT wurde von kritischen Stimmen … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/24/beschuldigung-als-kindermoerder-noyb-reicht-2-beschwerde-gegen-openai-ein/
Violent ChatGPT Hallucination Sparks GDPR Complaint

Mar 20, 2025 10:13 PM

Tags: chatgpt, GDPR, openai

Norwegian Man Tells OpenAI: I Didn’t Kill My Children. A Norwegian man is peeved that a chatbot hallucinated a violent backstory for his life after seeing that ChatGPT apparently believes he’s a child killer spending decades inside prison. The fact that someone could read this output and believe it is true is what scares me…
Actively Exploited ChatGPT Bug Puts Organizations at Risk

Mar 18, 2025 6:52 PM

Tags: chatgpt, exploit, infrastructure, malicious, openai, risk, threat, vulnerability

A server-side request forgery vulnerability in OpenAI’s chatbot infrastructure can allow attackers to direct users to malicious URLs, leading to a range of threat activity. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/actively-exploited-chatgpt-bug-organizations-risk
Hackers Exploit SSRF Vulnerability to Attack OpenAI’s ChatGPT Infrastructure

Mar 18, 2025 12:52 PM

Tags: attack, chatgpt, cve, cyber, cybersecurity, exploit, hacker, infrastructure, openai, threat, vulnerability

A critical cybersecurity alert has been issued following the active exploitation of a Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT infrastructure. According to the Veriti report, the vulnerability, identified as CVE-2024-27564, has been weaponized by attackers in real-world attacks, highlighting the dangers of underestimating medium-severity vulnerabilities. CVE-2024-27564: Understanding the Threat CVE-2024-27564 allows attackers to…
Hackers Exploit ChatGPT with CVE-2024-27564, 10,000+ Attacks in a Week

Mar 17, 2025 10:52 PM

Tags: attack, chatgpt, cve, cybersecurity, exploit, hacker, openai, vulnerability

In its latest research report, cybersecurity firm Veriti has spotted active exploitation of a vulnerability within OpenAI’s ChatGPT… First seen on hackread.com Jump to article: hackread.com/hackers-exploit-chatgpt-cve-2024-27564-10000-attacks/
ChatGPT Down as Users Report >>Gateway Time-out<< Error

Mar 17, 2025 9:54 PM

Tags: ai, chatgpt, openai, service

ChatGPT Down: Users report “Gateway time-out” errors. OpenAI’s popular AI chatbot is experiencing widespread outages. Stay updated on the service disruption. First seen on hackread.com Jump to article: hackread.com/chatgpt-down-as-users-report-gateway-time-out-error/
Google, OpenAI Push Urges Trump to Ease AI Export Controls

Mar 17, 2025 6:52 PM

Tags: ai, control, google, openai, regulation

AI Giants Also Like ‘Fair Use’ Exemptions for Copyrighted Material. OpenAI and Google laid out visions for regulation in response to the Trump administration’s AI Action Plan, which aims to help the United States maintain technological lead over China. Both companies want Biden-era export controls lightened. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/google-openai-push-urges-trump-to-ease-ai-export-controls-a-27739
AI Operator Agents Helping Hackers Generate Malicious Code

Mar 17, 2025 1:52 PM

Tags: ai, attack, cyber, hacker, malicious, openai, phishing, threat, tool

Symantec’s Threat Hunter Team has demonstrated how AI agents like OpenAI’s Operator can now perform end-to-end phishing attacks with minimal human intervention, marking a significant evolution in AI-enabled threats. A year ago, Large Language Model (LLM) AIs were primarily passive tools that could assist attackers in creating phishing materials or writing code. Now, with the…
Invisible C2″Š”, “Šthanks to AI-powered techniques

Mar 15, 2025 10:52 AM

Tags: ai, api, attack, breach, business, chatgpt, cloud, communications, control, cyberattack, cybersecurity, data, defense, detection, dns, edr, email, encryption, endpoint, hacker, iot, LLM, malicious, malware, ml, monitoring, network, office, openai, powershell, service, siem, soc, strategy, threat, tool, update, vulnerability, zero-trust

Invisible C2″Š”, “Šthanks to AI-powered techniques Just about every cyberattack needs a Command and Control (C2) channel”Š”, “Ša way for attackers to send instructions to compromised systems and receive stolen data. This gives us all a chance to see attacks that are putting us at risk. LLMs can help attackers avoid signature based detection Traditionally, C2…
OpenAI’s Operator AI agent can be used in phishing attacks, say researchers

Mar 14, 2025 9:52 PM

Tags: ai, attack, openai, phishing

First seen on scworld.com Jump to article: www.scworld.com/news/openais-operator-ai-agent-can-be-used-in-phishing-attacks-say-researchers
Symantec Demonstrates OpenAI’s Operator Agent in PoC Phishing Attack

Mar 14, 2025 7:52 PM

Tags: ai, attack, openai, phishing, risk

Symantec demonstrates OpenAI’s Operator Agent in PoC phishing attack, highlighting AI security risks and the need for proper cybersecurity. First seen on hackread.com Jump to article: hackread.com/symantec-openai-operator-agent-poc-phishing-attack/
Symantec Uses OpenAI Operator to Show Rising Threat of AI Agents

Mar 14, 2025 7:52 PM

Tags: ai, attack, cybersecurity, email, malicious, openai, phishing, powershell, threat

Symantec threat researchers used OpenAI’s Operator agent to carry out a phishing attack with little human intervention, illustrating the looming cybersecurity threat AI agents pose as they become more powerful. The agent learned how to write a malicious PowerShell script and wrote an email with the phishing lure, among other actions. First seen on securityboulevard.com…
DeepSeek R1 Jailbreaked to Create Malware, Including Keyloggers and Ransomware

Mar 14, 2025 1:52 PM

Tags: ai, chatgpt, cyber, cybercrime, exploit, google, intelligence, malicious, malware, openai, ransomware, tool

The increasing popularity of generative artificial intelligence (GenAI) tools, such as OpenAI’s ChatGPT and Google’s Gemini, has attracted cybercriminals seeking to exploit these technologies for malicious purposes. Despite the guardrails implemented by traditional GenAI platforms to prevent misuse, cybercriminals have circumvented these restrictions by developing their own malicious large language models (LLMs), including WormGPT, FraudGPT,…
Breach Roundup: The Ivanti Patch Treadmill

Mar 13, 2025 9:53 PM

Tags: android, apache, apple, breach, flaw, ivanti, malware, north-korea, openai, phishing, update

Also: Patch Tuesday, Equalize Scandal Figure Dies and Polymorphic Extension Attack. This week, Ivanti EPM customers should patch, Patch Tuesday, fake web browser extensions, North Korean Android malware, a key figure in Italy’s Equalize scandal dead of heart attack. Also, Apache Camel flaw, OpenAI’s agent automates phishing and Apple patched another zero day. First seen…
DeepSeek Deep Dive Part 1: Creating Malware, Including Keyloggers and Ransomware

Mar 13, 2025 7:52 PM

Tags: ai, antivirus, api, chatgpt, china, cloud, computer, cryptography, cybercrime, cybersecurity, data, detection, encryption, google, guide, injection, intelligence, law, LLM, malicious, malware, monitoring, network, north-korea, open-source, openai, privacy, programming, ransomware, service, software, strategy, threat, tool, training, unauthorized, vulnerability, windows

Tenable Research examines DeepSeek R1 and its capability to develop malware, such as a keylogger and ransomware. We found it provides a useful starting point, but requires additional prompting and debugging. Background As generative artificial intelligence (GenAI) has increased in popularity since the launch of ChatGPT, cybercriminals have become quite fond of GenAI tools to…
OpenAI Operator Agent Used in ProofConcept Phishing Attack

Mar 13, 2025 2:52 PM

Tags: attack, openai, phishing

Researchers from Symantec showed how OpenAI’s Operator agent, currently in research preview, can be used to construct a basic phishing attack from start to finish. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/openai-operator-agent-proof-concept-phishing-attack
Hackers Exploit Microsoft Copilot for Advanced Phishing Attacks

Mar 13, 2025 12:52 PM

Tags: ai, attack, chatgpt, cyber, exploit, hacker, microsoft, openai, phishing, risk, service

Hackers have been targeting Microsoft Copilot, a newly launched Generative AI assistant, to carry out sophisticated phishing attacks. This campaign highlights the risks associated with the widespread adoption of Microsoft services and the challenges that come with introducing new technologies to employees, as per a report by Cofense. Microsoft Copilot, similar to OpenAI’s ChatGPT, is…
Attackers Can Manipulate AI Memory to Spread Lies

Mar 12, 2025 5:52 PM

Tags: ai, attack, exploit, hacking, injection, openai

Tested on Three OpenAI Models, ‘Minja’ Has High Injection and Attack Rates. A memory injection attack dubbed Minja turns AI chatbots into unwitting agents of misinformation, requiring no hacking and just a little clever prompting. The exploit allows attackers to poison an AI model’s memory with deceptive information, potentially altering its responses for all users.…
Manus mania is here: Chinese ‘general agent’ is this week’s ‘future of AI’ and OpenAI-killer

Mar 11, 2025 8:54 PM

Tags: ai, china, openai

Prompts see it scour the web for info and turn it into decent documents at reasonable speed First seen on theregister.com Jump to article: www.theregister.com/2025/03/10/manus_chinese_general_ai_agent/
MINJA sneak attack poisons AI models for other chatbot users

Mar 11, 2025 9:54 AM

Tags: ai, attack, data, openai

Nothing like an OpenAI-powered agent leaking data or getting confused over what someone else whispered to it First seen on theregister.com Jump to article: www.theregister.com/2025/03/11/minja_attack_poisons_ai_model_memory/
UK CMA Halts Review of Microsoft, OpenAI Partnership

Mar 7, 2025 12:53 AM

Tags: ai, computing, intelligence, microsoft, openai

Probe into Microsoft’s $13 Billion OpenAI Investment Launched in 2023. The U.K. antitrust regulator won’t open an investigation into a partnership between computing giant Microsoft and artificial intelligence company OpenAI. U.K. Competition Market Authority concludes that there is no relevant merger situation. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/uk-cma-halts-review-microsoft-openai-partnership-a-27666
We’re losing”Š”, “Šbut it can’t get any worse, right?

Mar 5, 2025 5:34 PM

Tags: access, ai, antivirus, api, attack, chatgpt, cloud, control, crowdstrike, cybersecurity, defense, detection, edr, encryption, github, infection, injection, korea, LLM, malicious, malware, mandiant, ml, monitoring, network, north-korea, openai, phishing, powershell, service, social-engineering, threat, tool

We’re losing”Š”, “Šbut it can’t get any worse, right? LLMs are being used in many ways by attackers; how blind are you? We’re spending hundreds of billions and losing trillions in cybersecurity. The industry structure is partially to blame. AI is here to help, right? Well, as others have pointed out, AI is being adopted more rapidly…
Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service

Mar 1, 2025 6:34 PM

Tags: access, ai, cybercrime, data-breach, malicious, microsoft, openai, service, tool, unauthorized

Microsoft exposed four individuals behind an Azure Abuse scheme using unauthorized GenAI access to create harmful content. Microsoft shared the names of four developers of malicious tools designed to bypass the guardrails of generative AI services, including Microsoft’s Azure OpenAI Service. Microsoft is taking legal action against these defendants, dismantling their operation, and curbing misuse…
GPT-4.5 Scores EQ Points, but Not Much Else

Feb 28, 2025 9:34 PM

Tags: ai, openai

Model Appears to Be a Way Station on the Road to Something Greater. OpenAI on Thursday released its latest generative AI model, but don’t call it the next big thing just yet. More thoughtful, persuasive and emotionally intelligent, GPT-4.5 aims to feel less like an algorithm and more like a conversation partner. First seen on…
Microsoft targets AI deepfake cybercrime network in lawsuit

Feb 28, 2025 9:34 PM

Tags: ai, api, breach, cybercrime, deep-fake, microsoft, network, openai, software

Microsoft alleges that defendants used stolen Azure OpenAI API keys and special software to bypass content guardrails and generate illicit AI deepfakes for payment. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619781/Microsoft-targets-AI-deepfake-cybercrime-network-in-lawsuit
Microsoft files lawsuit against LLMjacking gang that bypassed AI safeguards

Feb 28, 2025 7:34 PM

Tags: access, ai, api, breach, cloud, computing, credentials, cyber, cybercrime, exploit, google, LLM, microsoft, openai, service, threat, tool, vulnerability

LLMjacking can cost organizations a lot of money: LLMjacking is a continuation of the cybercriminal practice of abusing stolen cloud account credentials for various illegal operations, such as cryptojacking, abusing hacked cloud computing resources to mine cryptocurrency. The difference is that large quantities of API calls to LLMs can quickly rack up huge costs, with…
Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme

Feb 28, 2025 1:34 PM

Tags: access, ai, cybercrime, intelligence, microsoft, openai, service, unauthorized

Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in order to produce offensive and harmful content.The campaign, called LLMjacking, has targeted various AI offerings, including Microsoft’s Azure OpenAI Service. The tech giant is First…
Microsoft names alleged credential-snatching ‘Azure Abuse Enterprise’ operators

Feb 28, 2025 5:34 AM

Tags: cloud, credentials, deep-fake, microsoft, openai

Crew helped lowlifes generate X-rated celeb deepfakes using Redmond’s OpenAI-powered cloud claim First seen on theregister.com Jump to article: www.theregister.com/2025/02/28/microsoft_names_and_shames_4/
Does terrible code drive you mad? Wait until you see what it does to OpenAI’s GPT-4o

Feb 27, 2025 8:59 AM

Tags: openai, software, vulnerability

Model was fine-tuned to write vulnerable software then suggested enslaving humanity First seen on theregister.com Jump to article: www.theregister.com/2025/02/27/llm_emergent_misalignment_study/
Researchers Jailbreak OpenAI o1/o3, DeepSeek-R1, and Gemini 2.0 Flash Models

Feb 25, 2025 2:23 PM

Tags: attack, cyber, google, openai

Researchers from Duke University and Carnegie Mellon University have demonstrated successful jailbreaks of OpenAI’s o1/o3, DeepSeek-R1, and Google’s Gemini 2.0 Flash models through a novel attack method called Hijacking Chain-of-Thought (H-CoT). The research reveals how advanced safety mechanisms designed to prevent harmful outputs can be systematically bypassed using the models’ reasoning processes, raising urgent questions…