ChatGPT/Gmail indirect prompt injection ShadowLeak security flaw
Vulnerability
Summary
Researchers confirmed ShadowLeak, a hidden indirect prompt injection flaw in ChatGPT email integrations that could steal Gmail contents without leaving detectable network traces on the victim side. The attack used a malicious email with concealed HTML instructions to steer the cloud-hosted agent into exfiltrating mailbox data to an attacker-controlled server. OpenAI addressed the issue in August, after disclosure, and the researchers confirmed the technique no longer worked.
Related Happenings
Robinhood account creation HTML injection security flaw
Vulnerability
First: 28.04.2026 02:11
Last: 28.04.2026 02:11
Sources 1
About this happening:
**Robinhood**'s **account creation/onboarding flow** was abused to inject **arbitrary HTML** into account confirmation emails, creating a phishing risk for customers. The flaw let...
Microsoft SharePoint Server spoofing vulnerability (actively exploited) (CVE-2026-32201)
Vulnerability
First: 14.04.2026 20:41
Last: 14.04.2026 20:41
Sources 1
About this happening:
Microsoft patched **CVE-2026-32201** in **Microsoft SharePoint Server**, a **spoofing vulnerability** that was **exploited in attacks** and could affect **confidentiality** and **...
OAuth device-code phishing campaign targeting SaaS accounts
Campaign
First: 04.04.2026 17:17
Last: 04.04.2026 17:17
Sources 1
About this happening:
A **device code phishing** campaign now includes **EvilTokens**, a **phishing-as-a-service** kit sold on **Telegram** that uses the **OAuth 2.0 device authorization flow** to hija...
ChatGPT single-prompt DNS side-channel exfiltration remote code execution flaw
Vulnerability
First: 31.03.2026 16:01
Last: 31.03.2026 16:01
Sources 1
About this happening:
A **ChatGPT** vulnerability let a **single malicious prompt** covertly exfiltrate prompts, messages, uploaded files, and other sensitive content through a **DNS side channel**. Th...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
First: 11.03.2026 18:38
Last: 11.03.2026 18:38
Sources 1
About this happening:
**Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Timeline
- 19.09.2025 22:07 · 2 articles
ShadowLeak disclosure and remediation timeline
Technical Analysis Update
Radware disclosed ShadowLeak, an indirect prompt-injection technique against ChatGPT and Gmail that hides HTML instructions inside a normal-looking email so that a cloud-hosted AI agent can be tricked into exfiltrating mailbox contents to an attacker-controlled server, without suspicious network traffic appearing on the victim side. The researchers said they discovered the issue in spring 2025, reported it to OpenAI in June 2025, found the technique no longer worked in August 2025, and learned through Bugcrowd in September 2025 that OpenAI had acknowledged and fixed the issue.
Sources
- 'ShadowLeak' ChatGPT Attack Allows Hackers to Invisibly Steal Emails — www.darkreading.com — 19.09.2025 22:07
- ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent — thehackernews.com — 20.09.2025 08:31