top of page
ALL POSTS
ChatGPT Web Summary Vulnerability Enables Phishing Attacks Through Malicious Page Redirects
Key Findings Permiso Security discovered ChatGPhish, a vulnerability in ChatGPT that exploits the AI's trust in Markdown links and images to enable prompt injection and phishing attacks Attackers can embed malicious payloads in web pages that ChatGPT summarizes, causing automatic image fetching that leaks user IP addresses, User-Agent data, and Referer information The vulnerability transforms ChatGPT's response interface into a phishing surface by rendering malicious links, f
May 304 min read
We Discovered Eight Attack Vectors in AWS Bedrock. Here's What Attackers Could Do With Them
Key Findings Eight validated attack vectors discovered across AWS Bedrock environments, spanning log manipulation, knowledge base compromise, agent hijacking, flow injection, guardrail degradation, and prompt poisoning Attack chains begin with low-level permissions and escalate to reach critical enterprise assets including Salesforce, SharePoint, Active Directory, and databases Knowledge bases and agents represent the highest-value targets due to their direct connectivity to
Mar 244 min read
OpenClaw AI Agent Vulnerabilities: Prompt Injection and Data Exfiltration Risks
Here's the markdown-formatted article based on the source material: Key Findings OpenClaw AI agent has multiple critical security vulnerabilities Prompt injection attacks can lead to data exfiltration and unauthorized system access Chinese authorities have moved to restrict OpenClaw usage in government and military environments Malicious actors are exploiting the platform's popularity to distribute malware Background OpenClaw is an open-source, self-hosted autonomous AI agent
Mar 152 min read
bottom of page
