Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Radware. Show all posts
zero-click
ChatGPT OpenAI Radware ShadowLeak Vulnerabilities and Exploits zero-click

ShadowLeak: Zero-Click ChatGPT Flaw Exposes Gmail Data to Silent Theft

 

A critical zero-click vulnerability known as "ShadowLeak" was recently discovered in OpenAI's ChatGPT Deep Research agent, exposing users’ sensitive data to stealthy attacks without any interaction required. 

Uncovered by Radware researchers and disclosed in September 2025, the vulnerability specifically targeted the Deep Research agent's integration with applications like Gmail. This feature, launched by OpenAI in February 2025, allows the agent to autonomously browse, analyze, and synthesize large amounts of online and personal data to produce detailed reports.

The ShadowLeak exploit works through a technique called indirect prompt injection, where an attacker embeds hidden commands in an HTML-formatted email—such as white-on-white text or tiny fonts—that are invisible to the human eye. 

When the Deep Research agent reads the booby-trapped email in the course of fulfilling a standard user request (like “summarize my inbox”), it executes those hidden commands. Sensitive Gmail data, including personal or organizational details, is then exfiltrated directly from OpenAI’s cloud servers to an attacker-controlled endpoint, with no endpoint or user action needed.

Unlike prior attacks (such as AgentFlayer and EchoLeak) that depended on rendering attacker-controlled content on a user’s machine, ShadowLeak operates purely on the server side. All data transmission and agent decisions take place within OpenAI’s infrastructure, bypassing local, enterprise, or network-based security tools. The lack of client or network visibility means the victim remains completely unaware of the compromise and has no chance to intervene, making it a quintessential zero-click threat.

The impact of ShadowLeak is significant, with potential leakage of personally identifiable information (PII), protected health information (PHI), business secrets, legal strategies, and more. It also raises the stakes for regulatory compliance, as such exfiltrations could trigger GDPR, CCPA, or SEC violations, along with serious reputational and financial damage.

Radware reported the vulnerability to OpenAI via the BugCrowd platform on June 18, 2025. OpenAI responded promptly, fixing the issue in early August and confirming that there was no evidence the flaw had been exploited in the wild. 

OpenAI underscored its commitment to strengthening defenses against prompt injection and similar attacks, welcoming continued adversarial testing by security researchers to safeguard emerging AI agent architectures.
Read more »
Radware
ChatGPT ChatGPT risks Cyber Security Data Leak Data protection data security Gmail Hackers OpenAI Radware

OpenAI Patches ChatGPT Gmail Flaw Exploited by Hackers in Deep Research Attacks

 

OpenAI has fixed a security vulnerability that could have allowed hackers to manipulate ChatGPT into leaking sensitive data from a victim’s Gmail inbox. The flaw, uncovered by cybersecurity company Radware and reported by Bloomberg, involved ChatGPT’s “deep research” feature. This function enables the AI to carry out advanced tasks such as web browsing and analyzing files or emails stored in services like Gmail, Google Drive, and Microsoft OneDrive. While useful, the tool also created a potential entry point for attackers to exploit.  

Radware discovered that if a user requested ChatGPT to perform a deep research task on their Gmail inbox, hackers could trigger the AI into executing malicious instructions hidden inside a carefully designed email. These hidden commands could manipulate the chatbot into scanning private messages, extracting information such as names or email addresses, and sending it to a hacker-controlled server. The vulnerability worked by embedding secret instructions within an email disguised as a legitimate message, such as one about human resources processes. 

The proof-of-concept attack was challenging to develop, requiring a detailed phishing email crafted specifically to bypass safeguards. However, if triggered under the right conditions, the vulnerability acted like a digital landmine. Once ChatGPT began analyzing the inbox, it would unknowingly carry out the malicious code and exfiltrate data “without user confirmation and without rendering anything in the user interface,” Radware explained. 

This type of exploit is particularly difficult for conventional security tools to catch. Since the data transfer originates from OpenAI’s own infrastructure rather than the victim’s device or browser, standard defenses like secure web gateways, endpoint monitoring, or browser policies are unable to detect or block it. This highlights the growing challenge of AI-driven attacks that bypass traditional cybersecurity protections. 

In response to the discovery, OpenAI stated that developing safe AI systems remains a top priority. A spokesperson told PCMag that the company continues to implement safeguards against malicious use and values external research that helps strengthen its defenses. According to Radware, the flaw was patched in August, with OpenAI acknowledging the fix in September.

The findings emphasize the broader risk of prompt injection attacks, where hackers insert hidden commands into web content or messages to manipulate AI systems. Both Anthropic and Brave Software recently warned that similar vulnerabilities could affect AI-enabled browsers and extensions. Radware recommends protective measures such as sanitizing emails to remove potential hidden instructions and enhancing monitoring of chatbot activities to reduce exploitation risks.
Read more »
Ransomware group
Cyber Attacks DDOS Attacks Radware Ransomware group

DDoS Campaign Exposed by the Security Firm Radware

 

Security firm Radware uncovered the threat actors' campaign named 'distributed denial-of-service' (DDoS). This campaign was launched to target the same set of victims from September 2020 after the companies failed to pay the initial ransom between five and ten bitcoins ($160,000 and $320,000) as demanded by the threat actors.

According to the reports, an anonymous group of hackers attacked the victims in August or September 2020 for the first time. In December 2020 and January, threat actors sent additional ransom extortion emails to the organizations after the victims failed to pay the initial ransom. Threat actors attacked the organizations with a DDoS strike immediately after the organizations received the second set of intimidating messages.

The latest DDoS strike surpassed 200Gbps and continued for more than nine hours without any disruption. As per the reports of Radware, the latest ransom note reads, “maybe you forgot us, but we didn’t forget you. We were busy working on more profitable projects, but now we are back”.

Radware security experts are convinced that the series of attacks were managed by the same ransomware group due to the identical infrastructure in the strike and the messages received from the ransomware group. Also, the organizations that received the latest letters were not leaked in the media last year therefore only the original ransomware group would have known that the companies have been targeted last year.

Radware security experts have noticed the change in the threat actor’s strategy, in previous strikes threat actors targeted the organizations for few weeks and then passed on. “The 2020-2021 global ransom DDoS campaign represents a strategic shift from these tactics. DDoS extortion has now become an integral part of the threat landscape for organizations across nearly every industry since the middle of 2020”, the report explained.

This group of threat actors does not hold back in returning to the targets that originally ignored their warnings, this is the massive fundamental change in the tactics of threat actors. According to Radware, the companies should be prepared for another letter and strike in the upcoming months.
Read more »
Subscribe to: Comments (Atom)