Cybersecurity researchers at Tenable have uncovered seven vulnerabilities in OpenAI’s ChatGPT, specifically affecting its GPT-4o and GPT-5 models. These flaws could allow attackers to steal personal data from users’ memories and chat histories without their knowledge. OpenAI has since patched several of the issues, which were found to make the chatbot susceptible to indirect prompt injection attacks—a manipulation technique that tricks large language models into executing hidden or malicious commands.
A major international investigation led by Eurojust, the European Union’s judicial cooperation agency, has resulted in the arrest of nine individuals accused of running a large-scale cryptocurrency investment scam. The operation, supported by prosecutors from France, Belgium, Spain, Germany, and Cyprus, targeted a network allegedly behind a series of fake crypto investment websites.
Cybercriminals are increasingly targeting trucking and logistics companies with remote monitoring and management (RMM) software to infiltrate systems, gain control, and ultimately steal physical freight, according to Proofpoint. The threat group, active since mid-2025, appears to be working with organized crime networks to bid on and divert legitimate shipments—most often food and beverage cargo that is later sold online or shipped overseas.
Kaspersky researchers have exposed Operation ForumTroll, a cyber-espionage campaign using “Dante,” a new spyware tool developed by Memento Labs, the rebranded successor of the infamous Hacking Team.
Security researchers say a North Korea–linked Lazarus sub-group (known as BlueNoroff and by multiple APT aliases) is running twin campaigns — GhostCall and GhostHire — aimed at the Web3 and blockchain ecosystem.
Cybersecurity firm LayerX Security has discovered a serious vulnerability in OpenAI’s new ChatGPT Atlas browser that could allow attackers to inject malicious instructions directly into a user’s ChatGPT memory. Dubbed “ChatGPT Tainted Memories,” the flaw enables remote code execution and account compromise without user awareness.
The New York State Department of Financial Services (NYDFS) has released updated cybersecurity guidance outlining how financial services firms should manage risks associated with third-party service providers (TPSPs).
Cybercriminals are increasingly abusing internal OAuth-based applications to gain long-term access to enterprise cloud environments, according to new research from Proofpoint. These malicious applications can remain undetected for extended periods, allowing attackers to retain access to high-privileged accounts even after password resets or multi-factor authentication (MFA) enforcement. Because OAuth tokens authorize access without requiring credentials, they offer a covert way for attackers to persist inside compromised systems.
