Cybercriminals are increasingly exploiting vulnerabilities in email clients and AI systems to conduct phishing attacks and data theft. A recent warning from Cisco Talos highlights that attackers are using CSS properties—such as media, text-indent, and opacity—to bypass spam filters and track user actions without relying on JavaScript. This technique allows them to create evasive phishing messages that can compromise user security. Additionally, a vulnerability identified as CVE-2024-27564 in OpenAI's ChatGPT infrastructure has been targeted by attackers, enabling them to inject malicious URLs into input parameters. This server-side request forgery (SSRF) vulnerability poses risks to both individual users and government organizations, as it can facilitate espionage and data theft. Reports indicate that these attacks have been ongoing for several months, raising concerns about the effectiveness of current cybersecurity measures.
🚨SlowMist Security Alert🚨 Attackers are actively targeting #OpenAI, exploiting CVE-2024-27564, a Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s #ChatGPT infrastructure. It allows attackers to inject malicious URLs into input parameters, forcing the application to… https://t.co/kva4tPDTMK
Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft: https://t.co/cwPPIwFEVj by Security Affairs #infosec #cybersecurity #technology #news
ChatGPT SSRF bug quickly becomes a favorite attack vector: https://t.co/i4xWPsmdYr by Security Affairs #infosec #cybersecurity #technology #news