Tag: openai
-
Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data
A malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private university AI service. Marketed as an OpenAI-compatible, Tor-routed proxy requiring no API keys, the package actually hijacks a Tunisian university’s internal AI endpoint, injects a stolen Anthropic Claude system prompt, and exfiltrates every…
-
6 ways attackers abuse AI services to hack your business
Tags: ai, api, attack, backdoor, breach, business, ceo, china, control, cve, cyber, cybercrime, cybersecurity, data, email, espionage, exploit, framework, group, hacking, injection, leak, LLM, malicious, malware, marketplace, microsoft, monitoring, open-source, openai, service, skills, software, startup, supply-chain, threat, tool, vulnerabilityAbusing AI platforms as covert C2 channels: Cybercriminals are also abusing AI platforms as covert command-and-control (C2) channels by turning AI services into proxies that hide malicious traffic inside the flow of legitimate content.Instead of running a dedicated C2 server, malware is programmed to fetch commands and exfiltrate data through AI services, circumventing traditional security…
-
Microsoft shivs OpenAI with three new AI models for speech and images
About that partnership… First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/microsoft_models_homegrown_ai_models/
-
Supply Chain Attacks Surge in March 2026
Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windowsIntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
-
Malicious Chrome Extension >>ChatGPT Ad Blocker<< Targets Users, Steals Conversations
Security researchers have uncovered a malicious Google Chrome extension named >>ChatGPT Ad Blocker<>ChatGPT Ad Blocker<< Targets Users, Steals Conversations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/malicious-chrome-extension-targets-chatgpt-users/
-
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
Tags: ai, attack, breach, cloud, control, credentials, crypto, github, incident response, linux, LLM, macOS, malicious, malware, monitoring, open-source, openai, powershell, pypi, rat, spam, supply-chain, tool, windowspostinstall hook that would execute a dropper script when it was pulled in by a different package as a dependency.Shortly after midnight UTC on March 31 a new version of the Axios package, axios@1.14.1, was published on npm followed by axios@0.30.4 39 minutes later. Both listed plain-crypto-js@4.2.1 as a dependency in their package.json files, but…
-
ChatGPT Security Issue Enabled Data Theft via Single Prompt
OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chatgpt-security-issue-steal-data/
-
OpenAI patches twin leaks as Codex slips and ChatGPT spills
ChatGPT’s hidden outbound channel leaks user data: OpenAI has reportedly fixed a parallel bug in ChatGPT that goes beyond credential theft. Check Point researchers uncovered a hidden outbound communication path in ChatGPT’s code execution runtime that could be triggered with a single malicious prompt.This channel successfully bypassed the platform’s expected safeguards around external data sharing.…
-
OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens
OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names using hidden Unicode command injection flaw. First seen on hackread.com Jump to article: hackread.com/openai-codex-vulnerability-steal-github-tokens/
-
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point.”A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content,” the cybersecurity company said in First…
-
Schwachstelle bei ChatGPT erlaubte Konversationsdaten auszulesen
Die Sicherheitsforscher von Check Point Research haben eine bislang unbekannte Sicherheitslücke aufgedeckt, die es ermöglichte, sensible ChatGPT-Konversationsdaten unbemerkt ohne Wissen oder Zustimmung der Nutzer abzusaugen. Inzwischen hat OpenAI die Lücke geschlossen. Die entdeckte Schwachstelle zeigt, KI-Plattformen müssen wie Cloud- und Computing-Infrastruktur behandelt werden. Die integrierte Sicherheit beseitigt Risiken nicht. Unternehmen können sich nicht […] First…
-
Make OpenAI’s models misbehave and earn a reward
OpenAI’s public Safety Bug Bounty program focuses on AI abuse and safety risks across its products. The goal is to support safe and secure systems and reduce the risk of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/openai-safety-bug-bounty-program/
-
OpenAI Expands Bug Bounty to Cover AI Abuse and ‘Safety’ Concerns
OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/openai-bug-bounty-ai-abuse-safety/
-
Julius v0.2.0: From 33 to 63 Probes, Now Detecting Cloud AI, Enterprise Inference, and RAG Pipelines
TL;DR: Julius v0.2.0 nearly doubles LLM fingerprinting probe coverage from 33 to 63, adding detection for cloud-managed AI services (AWS Bedrock, Azure OpenAI, Vertex AI), high-performance inference servers (SGLang, TensorRT-LLM, Triton), AI gateways (Portkey, Helicone, Bifrost), and self-hosted RAG platforms (PrivateGPT, RAGFlow, Quivr). This release also hardens the scanner itself with response size limiting and……
-
OpenAI rolls out ChatGPT Library to store your personal files
OpenAI is rolling out a new feature called ‘Library’ for ChatGPT, which allows you to store your personal files or images on OpenAI’s cloud storage, so you can reference those items in a future chat. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/openai-rolls-out-chatgpt-library-to-store-your-personal-files/
-
The hidden cost of AI speed: Unmanaged cyber risk
Tags: access, ai, attack, business, chatgpt, ciso, cloud, control, cyber, cybersecurity, data, data-breach, exploit, flaw, google, governance, identity, infrastructure, injection, intelligence, monitoring, open-source, openai, privacy, radius, risk, service, software, threat, tool, vulnerabilityAI isn’t just moving fast. It’s creating new attack paths. Cyber teams must now manage vulnerabilities and their ramifications throughout their IT environments in AI tools deployed without enough governance guardrails. The answer for securing this new attack surface? Unified exposure management. Key takeaways AI as an attack vector: By connecting to core workflows and…
-
OpenAI Introduces GPT-5.4 Mini and Nano for Faster, Lightweight AI Performance
OpenAI has officially launched GPT-5.4 mini and GPT-5.4 nano, introducing high-efficiency models optimized for automated workflows, coding subagents, and latency-sensitive deployments. These models are designed to reduce application programming interface (API) overhead while maintaining complex reasoning capabilities, making them highly relevant for professionals scaling automated data extraction or telemetry analysis pipelines. Architecture and Capability Enhancements…
-
Big tech companies step in to support the open source security ecosystem
The Linux Foundation announced $12.5 million in grant funding backed by Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to strengthen open source … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/18/linux-foundation-open-source-security-12-5-million-funding/
-
prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog
Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-dayMar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond TheoryThe biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
-
prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog
Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-dayMar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond TheoryThe biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
-
Runtime: The new frontier of AI agent security
Tags: access, ai, automation, ceo, ciso, computer, container, control, crowdstrike, cybersecurity, data, detection, edr, endpoint, firewall, framework, incident response, jobs, monitoring, network, openai, risk, saas, technology, threat, tool, vulnerability, zero-dayWhat runtime monitoring looks like: Once an organization knows where its agents are, the question is what to watch for, and how.Elia Zaitsev, CTO of CrowdStrike, tells CSO that existing endpoint detection and response (EDR) tools already capture the kinds of behavior needed to track AI agents. They instrument operating systems like a flight data…
-
Big Tech Unites: Industry Giants Sign Global Accord to Combat AI-Driven Scams
In a rare display of unified defense, eight of the world’s most powerful technology firms have signed a landmark pact to disrupt the global scam networks currently siphoning billions of dollars from consumers. The Online Services Accord Against Scams signed by Google, Amazon.com Inc., Microsoft Corp., Meta Platforms Inc., OpenAI, LinkedIn, Adobe Inc., and Match..…
-
Google, Microsoft, Amazon, and Others Unite Under New Anti-Scam Pact
Google, Meta, Amazon, OpenAI, and others join a new voluntary accord to share signals, tighten safeguards, and fight online scams across platforms. The post Google, Microsoft, Amazon, and Others Unite Under New Anti-Scam Pact appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-big-tech-anti-scam-accord/
-
OpenAI says ChatGPT ads are not rolling out globally for now
OpenAI told BleepingComputer that ChatGPT ads on Free and Go plans are not yet rolling out outside the United States, even though some users noticed references to ads in the updated privacy policy. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/openai-says-chatgpt-ads-are-not-rolling-out-globally-for-now/
-
Canada Needs Nationalized, Public AI
Canada has a choice to make about its artificial intelligence future. The Carney administration is investing $2-billion over five years in its Sovereign AI Compute Strategy. Will any value generated by “sovereign AI” be captured in Canada, making a difference in the lives of Canadians, or is this just a passthrough to investment in American…
-
OpenAI’s Promptfoo Deal Plugs Agentic AI Testing Gap
OpenAI’s latest acquisition addresses a security need Jamieson O’Reilly, security advisor at OpenClaw, raised during an exclusive interview with Infosecurity First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/openai-promptfoo-deal-agentic-ai/
-
OpenAI Acquires Security Startup Promptfoo to Fortify AI Agents
OpenAI has snapped up Promptfoo, a specialized artificial intelligence (AI) security startup, to bolster the safety of autonomous digital workers and convince enterprise clients that AI co-workers are ready for high-stakes business environments. OpenAI did not disclose financial terms of the transaction. PitchBook data indicates Promptfoo was valued at $119 million following a $22 million..…