ChatGPhish
Coverage of ChatGPhish in the Nexus archive.
- ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Cybersecurity researchers have identified a vulnerability in OpenAI's ChatGPT that exploits the AI's trust in Markdown links and images to execute phishing attacks through prompt injections. The flaw, named ChatGPhish by Permiso Security, allows attackers to manipulate ChatGPT's web summaries into phishing surfaces.
- ChatGPT blindly trusts browser content, turning the page into a payload
A researcher discovered ChatGPT cannot distinguish between its own content and attacker-controlled Markdown from external sources, enabling prompt injection attacks that could inject phishing URLs or fake security alerts. The vulnerability, reported as 'ChatGPhish,' allows attackers to bypass desktop URL defenses via QR codes linking to attacker-controlled content, though it's unclear if OpenAI has fixed the issue.