惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
The Register - Security
The Register - Security
月光博客
月光博客
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The GitHub Blog
The GitHub Blog
博客园 - 司徒正美
罗磊的独立博客
U
Unit 42
S
SegmentFault 最新的问题
Y
Y Combinator Blog
博客园_首页
Hugging Face - Blog
Hugging Face - Blog
J
Java Code Geeks
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
C
Check Point Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Simon Willison's Weblog
Simon Willison's Weblog
V
Vulnerabilities – Threatpost
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
阮一峰的网络日志
阮一峰的网络日志
The Hacker News
The Hacker News
博客园 - 叶小钗
C
Cybersecurity and Infrastructure Security Agency CISA
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
T
The Exploit Database - CXSecurity.com
P
Palo Alto Networks Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Latest news
Latest news
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
L
LangChain Blog
Stack Overflow Blog
Stack Overflow Blog
S
Securelist
A
Arctic Wolf
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Threatpost
Scott Helme
Scott Helme
博客园 - 聂微东
博客园 - 【当耐特】
T
Tenable Blog
I
Intezer
D
DataBreaches.Net
B
Blog RSS Feed
Security Latest
Security Latest
C
Cisco Blogs
T
Tor Project blog
N
Netflix TechBlog - Medium

The Register - Security: Patches

Cisco SD-WAN make-me-root bug under attack Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9 AI is making Patch Tuesday (kinda) fun again Anthropic to release Mythos-class models to the public Clear your calendar, Drupal user: You have a critically urgent patch to install Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs Critical cPanel, WHM flaw probs exploited as 0-day, pros say Microsoft patch fell short. New Windows flaw exploited More Cisco SD-WAN bugs battered in attacks Critical Fortinet sandbox bugs allow auth bypass and RCE Ancient Excel bug comes out of retirement for active attacks Microsoft's massive Patch Tuesday: It's raining bugs Ransomware scum, other crims exploit 4 old Microsoft bugs Attackers exploited the FortiClient EMS bug as a 0-day Citrix NetScaler bug may be multiple flaws in one Ransomware crims abused Cisco 0-day weeks before disclosure Google rushes Chrome update to fix zero-days under attack CISA warns max-severity n8n bug is being exploited in the wild Cisco warns of two more SD-WAN bugs under active attack LexisNexis Legal & Professional confirms data breach Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover Patch these 4 critical, make-me-root SolarWinds bugs ASAP Attacker gets into France's DB listing all bank accounts CISA gives feds 3 days to patch actively exploited Dell bug CISA gives feds 3 days to patch actively exploited Dell bug Google fixes exploited Chrome CSS zero-day Critical Microsoft bug from 2024 under exploitation Apple patches decade-old iOS zero-day exploited in the wild Microsoft's Valentine's gift to admins: 6 zero-day fixes Microsoft's Valentine's gift to admins: 6 zero-day fixes Critical SolarWinds Web Help Desk bug under attack Critical React Native Metro dev server bug under attack Critical React Native Metro dev server bug under attack OpenClaw patches one-click RCE as security Whac-A-Mole continues Ivanti's January bad luck continues as 0-days hit customers Critical VMware vCenter Server bug under attack Critical VMware vCenter Server bug under attack FortiGate SSO bug still exploitable despite December patch Ancient telnet bug happily hands out root to attackers Cisco plugs up Unified Comms zero-day under active exploit Cloudflare whacks WAF bypass bug that opened side door Cloudflare whacks WAF bypass bug that opened side door Anthropic quietly fixed flaws in its Git MCP server Sorry Dave, I’m afraid I can’t do that! PCs refuse to shut down after Microsoft patch Patch Tuesday update makes Windows PCs refuse to shut down Cisco finally fixes max-severity bug under active attack for weeks Cisco finally fixes max-severity bug under attack for weeks Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm Python libraries in AI/ML models can be poisoned w metadata Python libraries in AI/ML models can be poisoned w metadata Ruh-roh, there's a Cisco ISE bug POC on the loose Ruh-roh, there's a Cisco ISE bug POC on the loose CISA flags exploited Office relic alongside fresh HPE flaw Critical n8n bug allows unauthenticated server takeover Logitech mouse mayhem traced to expired dev certificate 'Heartbleed of MongoDB' under active exploit Microsoft fixes Message Queuing issue in new update Microsoft fixes Message Queuing issue in new update Critical-rated WatchGuard Firebox flaw under active attack HPE OneView RCE bug scores a perfect 10 Apple, Google forced to issue emergency 0-day patches Microsoft RasMan DoS 0-day gets unofficial patch - and a working exploit Microsoft RasMan 0-day gets an unofficial patch and exploit New React vulns leak secrets, invite DoS attacks Google fixes super-secret 8th Chrome 0-day Microsoft fixes Windows shortcut flaw exploited for years Microsoft fixes Windows shortcut flaw exploited for years Two Android 0-day bugs patched, plus 105 more fixes Fortinet finally cops to critical bug under active exploit Cisco warns of 'new attack variant' battering firewalls Docker Compose vulnerability opens door to host-level writes Microsoft issues out-of-band patch for critical WSUS flaw Vulnerable Rust crate exposes uv Python packager Oracle rushes out another emergency E-Business Suite patch 50K Cisco firewalls remain vulnerable to advanced attacks Exploits using GoAnywhere perfect-10 bug confirmed Critical Cisco firewall holes under active attack SonicWall releases rootkit-busting firmware update SolarWinds patches critical RCE - for the third time Fortra discloses 10/10 severity bug in GoAnywhere MFT Google pushes emergency patch for Chrome 0-day Apple backports patch to older kit after 0-day exploitation
OpenAI plugs ShadowLeak bug in ChatGPT
Carly Page · 2025-09-19 · via The Register - Security: Patches

Patches

OpenAI plugs ShadowLeak bug in ChatGPT that let miscreants raid inboxes

Radware says flaw enabled hidden email prompts to trick Deep Research agent into exfiltrating sensitive data

ChatGPT's research assistant sprung a leak – since patched – that let attackers steal Gmail secrets with just a single carefully crafted email.

Deep Research, a tool unveiled by OpenAI in February, enables users to ask ChatGPT to browse the internet or their personal email inbox and generate a detailed report on its findings. The tool can be integrated with apps like Gmail and GitHub, allowing people to do deep dives into their own documents and messages without ever leaving the chat window.

Cybersecurity outfit Radware this week disclosed a critical flaw in the feature, dubbed "ShadowLeak," warning that it could allow attackers to siphon data from inboxes with no user interaction whatsoever. Researchers showed that simply sending a maliciously crafted email to a Deep Research user was enough to get the agent to exfiltrate sensitive data when it later summarized that inbox.

The attack relies on hiding instructions inside the HTML of an email using white-on-white text, CSS tricks, or metadata, which a human recipient would never notice. When Deep Research later crawls the mailbox, it dutifully follows the attacker's hidden orders and sends the contents of messages, or other requested data, to a server controlled by the attacker.

Radware stressed that this isn't just a prompt injection on the user's machine. The malicious request is executed from OpenAI's own infrastructure, making it effectively invisible to corporate security tooling.

That server-side element is what makes ShadowLeak particularly nasty. There's no dodgy link for a user to click, and no suspicious outbound connection from the victim's laptop. The entire operation happens in the cloud, and the only trace is a benign-looking query from the user to ChatGPT asking it to "summarize today's emails".

Radware's report warns that attackers could leak personally identifiable information, internal deal memos, legal correspondence, customer records, and even login credentials, depending on what sits in the mailbox. The researchers argue that the risk isn't limited to Gmail either. Any integration that lets ChatGPT hoover up private documents could be vulnerable to the same trick if input sanitization isn't watertight.

"ShadowLeak weaponizes the very capabilities that make AI assistants useful: email access, tool use, and autonomous web calls," Radware researchers said. "It results in silent data loss and unlogged actions performed 'on behalf of the user,' bypassing traditional security controls that assume intentional user clicks or data leakage prevention at the gateway level."

The potential consequences go beyond embarrassment. Depending on what is leaked, companies could find themselves on the hook for GDPR or CCPA violations, suffer regulatory investigations, and become victims of downstream fraud. Because the attack leaves so little forensic evidence, incident responders may struggle to prove what was taken.

Radware said it reported the ShadowLeak bug to OpenAI on June 18 and the company released a fix on September 3. The Register asked OpenAI what specific changes were made to mitigate this vulnerability and whether it had seen any evidence that the vulnerability had been exploited in the wild before disclosure, but did not receive a response.

Radware is urging organizations to treat AI agents as privileged users and to lock down what they can access. HTML sanitization, stricter control over which tools agents can use, and better logging of every action taken in the cloud are all on its list of recommendations. ®