ChatGPT

Pierluigi Paganini August 27, 2025
ESET warns of PromptLock, the first AI-driven ransomware

ESET found PromptLock, the first AI-driven ransomware, using OpenAI’s gpt-oss:20b via Ollama to generate and run malicious Lua scripts. In a series of messages published on X, ESET Research announced the discovery of the first known AI-powered ransomware, named PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to […]

Pierluigi Paganini June 09, 2025
OpenAI bans ChatGPT accounts linked to Russian, Chinese cyber ops

OpenAI banned ChatGPT accounts tied to Russian and Chinese hackers using the tool for malware, social media abuse, and U.S. satellite tech research. OpenAI banned ChatGPT accounts that were used by Russian-speaking threat actors and two Chinese nation-state actors. The blocked accounts were used to assist malware development, social media automation, and research about U.S. […]

Pierluigi Paganini March 18, 2025
ChatGPT SSRF bug quickly becomes a favorite attack vector

Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations. Cybersecurity firm Veriti reports that threat actors are exploiting a server-side request forgery (SSRF) vulnerability, tracked as CVE-2024-27564 (CVSS score of 6.5), in ChatGPT to target financial and government organizations in the US. The […]

Pierluigi Paganini December 24, 2024
Italy’s data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations

Italy’s data protection watchdog fined OpenAI €15 million for ChatGPT’s improper collection of personal data. Italy’s privacy watchdog, Garante Privacy, fined OpenAI €15M after investigating ChatGPT’s personal data collection practices. The Italian Garante Priacy also obliges OpenAI to conduct a six-month informational campaign over ChatGPT’s data management violations. The decision stems from a March 2023 […]

Pierluigi Paganini October 11, 2024
Iran and China-linked actors used ChatGPT for preparing attacks

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the disruption of over 20 cyber and influence operations this year, involving Iranian and Chinese state-sponsored hackers. The company uncovered the activities of three threat actors abusing ChatGPT to launch cyberattacks. One of […]

Pierluigi Paganini September 16, 2024
Hacker tricked ChatGPT into providing detailed instructions to make a homemade bomb

A hacker tricked ChatGPT into providing instructions to make homemade bombs demonstrating how to bypass the chatbot safety guidelines. A hacker and artist, who goes online as Amadon, tricked ChatGPT into providing instructions to make homemade bombs bypassing the safety guidelines implemented by the chatbot. Initially, the expert asked for detailed instructions to create a […]

Pierluigi Paganini July 06, 2024
Hackers stole OpenAI secrets in a 2023 security breach

The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported. The American newspaper revealed that the threat actors gained access to the internal discussions among researchers and other […]

Pierluigi Paganini March 14, 2024
Researchers found multiple flaws in ChatGPT plugins

Researchers analyzed ChatGPT plugins and discovered several types of vulnerabilities that could lead to data exposure and account takeover. Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that can be could have led to data exposure and account takeovers. ChatGPT plugins are additional tools or extensions that can be integrated with […]

Pierluigi Paganini February 15, 2024
Nation-state actors are using AI services and LLMs for cyberattacks

Microsoft and OpenAI warn that nation-state actors are using ChatGPT to automate some phases of their attack chains, including target reconnaissance and social engineering attacks. Multiple nation-state actors are exploiting artificial intelligence (AI) and large language models (LLMs), including OpenAI ChatGPT, to automate their attacks and increase their sophistication. According to a study conducted by […]

Pierluigi Paganini January 30, 2024
Italian data protection authority said that ChatGPT violated EU privacy laws

Italian data protection authority regulator authority Garante said that ChatGPT violated European Union data privacy regulations. The Italian data protection authority regulator authority, known as “Garante per la protezione dei dati personali”, announced it has notified OpenAI that ChatGPT violated the EU data protection regulation GDPR. In early April 2023, the Italian Data Protection Authority temporarily […]