Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label zero-click. Show all posts
zero-click
AI Cloud Data Internet Spyware Technology zero-click

Zero-click Exploit AI Flaws to Hack Systems


What if machines, not humans, become the centre of cyber-warfare? Imagine if your device could be hijacked without you opening any link, downloading a file, or knowing the hack happened? This is a real threat called zero-click attacks, a covert and dangerous type of cyber attack that abuses software bugs to hack systems without user interaction. 

The threat

These attacks have used spywares such as Pegasus and AI-driven EchoLeak, and shown their power to attack millions of systems, compromise critical devices, and steal sensitive information. With the surge of AI agents, the risk is high now. The AI-driven streamlining of work and risen productivity has become a lucrative target for exploitation, increasing the scale and attack tactics of breaches.

IBM technology explained how the combination of AI systems and zero-click flaws has reshaped the cybersecurity landscape. “Cybercriminals are increasingly adopting stealthy tactics and prioritizing data theft over encryption and exploiting identities at scale. A surge in phishing emails delivering infostealer malware and credential phishing is fueling this trend—and may be attributed to attackers leveraging AI to scale distribution,” said the IBM report.

A few risks of autonomous AI are highlighted, such as:

  • Threat of prompt injection 
  • Need for an AI firewall
  • Gaps in addressing the challenges due to AI-driven tech

About Zero-click attacks

These attacks do not need user interaction, unlike traditional cyberattacks that relied on social engineering campaigns or phishing attacks. Zero-click attacks exploit flaws in communication or software protocols to gain unauthorized entry into systems.  

Echoleak: An AI-based attack that modifies AI systems to hack sensitive information.

Stagefright: A flaw in Android devices that allows hackers to install malicious code via multimedia messages (MMS), hacking millions of devices.

Pegasus: A spyware that hacks devices through apps such as iMessage and WhatsApp, it conducts surveillance, can gain unauthorized access to sensitive data, and facilitate data theft as well.

How to stay safe?

According to IBM, “Despite the magnitude of these challenges, we found that most organizations still don’t have a cyber crisis plan or playbooks for scenarios that require swift responses.” To stay safe, IBM suggests “quick, decisive action to counteract the faster pace with which threat actors, increasingly aided by AI, conduct attacks, exfiltrate data, and exploit vulnerabilities.”

Read more »
zero-click
ChatGPT OpenAI Radware ShadowLeak Vulnerabilities and Exploits zero-click

ShadowLeak: Zero-Click ChatGPT Flaw Exposes Gmail Data to Silent Theft

 

A critical zero-click vulnerability known as "ShadowLeak" was recently discovered in OpenAI's ChatGPT Deep Research agent, exposing users’ sensitive data to stealthy attacks without any interaction required. 

Uncovered by Radware researchers and disclosed in September 2025, the vulnerability specifically targeted the Deep Research agent's integration with applications like Gmail. This feature, launched by OpenAI in February 2025, allows the agent to autonomously browse, analyze, and synthesize large amounts of online and personal data to produce detailed reports.

The ShadowLeak exploit works through a technique called indirect prompt injection, where an attacker embeds hidden commands in an HTML-formatted email—such as white-on-white text or tiny fonts—that are invisible to the human eye. 

When the Deep Research agent reads the booby-trapped email in the course of fulfilling a standard user request (like “summarize my inbox”), it executes those hidden commands. Sensitive Gmail data, including personal or organizational details, is then exfiltrated directly from OpenAI’s cloud servers to an attacker-controlled endpoint, with no endpoint or user action needed.

Unlike prior attacks (such as AgentFlayer and EchoLeak) that depended on rendering attacker-controlled content on a user’s machine, ShadowLeak operates purely on the server side. All data transmission and agent decisions take place within OpenAI’s infrastructure, bypassing local, enterprise, or network-based security tools. The lack of client or network visibility means the victim remains completely unaware of the compromise and has no chance to intervene, making it a quintessential zero-click threat.

The impact of ShadowLeak is significant, with potential leakage of personally identifiable information (PII), protected health information (PHI), business secrets, legal strategies, and more. It also raises the stakes for regulatory compliance, as such exfiltrations could trigger GDPR, CCPA, or SEC violations, along with serious reputational and financial damage.

Radware reported the vulnerability to OpenAI via the BugCrowd platform on June 18, 2025. OpenAI responded promptly, fixing the issue in early August and confirming that there was no evidence the flaw had been exploited in the wild. 

OpenAI underscored its commitment to strengthening defenses against prompt injection and similar attacks, welcoming continued adversarial testing by security researchers to safeguard emerging AI agent architectures.
Read more »
zero-click
Mobile Security Spyware Threat Intelligence User Privacy Whatsapp Leak zero-click

Here's How to Safeguard Your Smartphone Against Zero-Click Attacks

 

Spyware tools have been discovered on the phones of politicians, journalists, and activists on numerous occasions over the past decade. This has prompted worries regarding the lack of protections in the tech industry and an unprecedented expansion of spyware technologies. 

Meta's WhatsApp recently stated that it has detected a hacking campaign aimed at roughly ninety users, the majority of whom were journalists and civil society activists from two dozen countries. 

According to a WhatsApp representative, the attack was carried out by the Israeli spyware company Paragon Solutions, which is now controlled by the Florida-based private equity firm AE Industrial Partners. Graphite, Paragon's spyware, infiltrated WhatsApp groups by sending them a malicious PDF attachment. It can access and read messages from encrypted apps such as WhatsApp and Signal without the user's knowledge. 

What is a zero-click attack? 

A zero-click attack, such as the one on WhatsApp, compromises a device without requiring any user activity. Unlike phishing or one-click attacks, which rely on clicking a malicious link or opening an attachment, zero-click leverages a security flaw to stealthily gain complete access after the device has been infected. 

"In the case of graphite, via WhatsApp, some kind of payload, like a PDF or an image, [was sent to the victims' devices] and the underlying processes that receive and handle those packages have vulnerabilities that the attackers exploit [to] infect the phone,” Rocky Cole, co-founder of mobile threat protection company iVerify, noted.

While reports do not indicate "whether graphite can engage in privilege escalation [vulnerability] and operate outside WhatsApp or even move into the iOS kernel itself, we do know from our own detections and other work with customers, that privilege escalation via WhatsApp in order to gain kernel access is indeed possible," Cole added. 

The iVerify team believes that the malicious attacks are "potentially more widespread" than the 90 individuals who were reported to have been infected by graphite because they have discovered cases where a number of WhatsApp crashes on [mobile] devices [they're] monitoring with iVerify have seemed to be malicious in nature.

While the WhatsApp hack primarily targeted civil society activists, Cole believes mobile spyware is a rising threat to everyone since mobile exploitation is more pervasive than many people realise. Moreover, the outcome is an emerging ecosystem around mobile spyware development and an increasing number of VC-backed mobile spyware companies are under pressure to become viable organisations. This eventually increases marketing competition for spyware merchants and lowers barriers that might normally deter these attacks. 

Mitigation tips

Cole recommends users to treat their phones as computers. Just as you use best practices to safeguard traditional endpoints like laptops from exploitation and compromise, you should do the same for phones. This includes rebooting your phone on a daily basis because most of these exploits remain in memory rather than files, and rebooting your phone should theoretically wipe out the malware as well, he said. 

If you have an Apple device, you can also enable Lockdown Mode. As indicated by Cole, "lockdown mode has the effect of reducing some functionality of internet-facing applications [which can] in some ways reduce the attack surface to some degree."

Ultimately, the only way to properly safeguard oneself from zero-click capabilities is to address the underlying flaws. Cole emphasised that only Apple, Google, and app developers may do so. "So as an end user, it's critically important that when a new security patch is available, you apply it as soon as you possibly can," the researcher added.
Read more »
zero-click
Data Breach Hackers paragon Spyware WhatsApp zero-click

WhatsApp Fixes Security Flaw Exploited by Spyware

 



WhatsApp recently fixed a major security loophole that was being used to install spyware on users' devices. The issue, known as a zero-click, zero-day vulnerability, allowed hackers to access phones without the user needing to click on anything. Security experts from the University of Toronto’s Citizen Lab uncovered this attack and linked it to Paragon’s spyware, called Graphite.  

The flaw was patched by WhatsApp in late 2023 without requiring users to update their app. The company also chose not to assign a CVE-ID to the vulnerability, as it did not meet specific reporting criteria.  

A WhatsApp spokesperson confirmed that hackers used the flaw to target certain individuals, including journalists and activists. WhatsApp directly reached out to around 90 affected users across multiple countries.  


How the Attack Worked  

Hackers used WhatsApp groups to launch their attacks. They added their targets to a group and sent a malicious PDF file. As soon as the file reached the victim’s phone, the device automatically processed it. This triggered the exploit, allowing the spyware to install itself without any user action.  

Once installed, the spyware could access sensitive data and private messages. It could also move beyond WhatsApp and infect other apps by bypassing Android’s security barriers. This gave attackers complete control over the victim’s device.  


Who Was Targeted?  

According to Citizen Lab, the attack mostly focused on individuals who challenge governments or advocate for human rights. Journalists, activists, and government critics were among the key targets. However, since only 90 people were officially notified by WhatsApp, experts believe the actual number of victims could be much higher.  

Researchers found a way to detect the spyware by analyzing Android device logs. They identified a forensic marker, nicknamed "BIGPRETZEL," that appears on infected devices. However, spotting the spyware is still difficult because Android logs do not always capture all traces of an attack.  


Spyware Linked to Government Agencies  

Citizen Lab also investigated the infrastructure used to operate the spyware. Their research uncovered multiple servers connected to Paragon’s spyware, some of which were linked to government agencies in countries like Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Many of these servers were rented through cloud platforms or hosted directly by government agencies.  

Further investigation revealed that the spyware's digital certificates contained the name “Graphite” and references to installation servers. This raised concerns about whether Paragon's spyware operates similarly to Pegasus, another surveillance tool known for being used by governments to monitor individuals.  


Who Is Behind Paragon Spyware?  

Paragon Solutions Ltd., the company behind Graphite spyware, is based in Israel. It was founded in 2019 by Ehud Barak, Israel’s former Prime Minister, and Ehud Schneorson, a former commander of Unit 8200, an elite Israeli intelligence unit.  

Paragon claims that it only sells its technology to democratic governments for use by law enforcement agencies. However, reports have shown that U.S. agencies, including the Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE), have purchased and used its spyware.  

In December 2024, a U.S.-based investment firm, AE Industrial Partners, bought Paragon, further raising questions about its future operations and how its surveillance tools may be used.  


Protecting Yourself from Spyware  

While WhatsApp has fixed this specific security flaw, spyware threats continue to evolve. Users can take the following steps to protect themselves:  

1. Update Your Apps: Always keep your apps updated, as companies frequently release security patches.  

2. Be Cautious of Unknown Files: Never open suspicious PDFs, links, or attachments from unknown sources.  

3. Enable Two-Factor Authentication: Adding an extra layer of security to your accounts makes it harder for hackers to break in.  

4. Check Your Device Logs: If you suspect spyware, seek professional help to analyze your phone’s activity.  

Spyware attacks are becoming more advanced, and staying informed is key to protecting your privacy. WhatsApp’s quick response to this attack highlights the ongoing battle against cyber threats and the need for stronger security measures.  


Read more »
Subscribe to: Comments (Atom)