OpenAI ChatGPT Deep Research ShadowLeak fix
Security Patch Release
Summary
OpenAI addressed ShadowLeak in ChatGPT Deep Research, closing a zero-click flaw that could leak Gmail inbox data from a single crafted email. The issue was disclosed on June 18, 2025 and fixed in early August, after researchers showed how indirect prompt injection hidden in email HTML could steer the agent. The remediation matters because the exfiltration path ran through OpenAI's cloud infrastructure and could affect users who enabled mail or other connector integrations.
Related Happenings
TeamPCP campaign expands across multiple victims
Campaign
First: 15.05.2026 13:54
Last: 15.05.2026 13:54
Sources 1
About this happening:
The **TeamPCP / Mini Shai-Hulud** supply-chain operation is actively compromising **hundreds of packages**, exposing **downstream developers** to **malware delivery** and **creden...
OpenAI hit by cyberattack
Incident
First: 14.05.2026 22:07
Last: 14.05.2026 22:07
Sources 1
About this happening:
OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Target Trend
First: 05.05.2026 13:30
Last: 05.05.2026 13:30
Sources 1
About this happening:
A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Moltbook wide-open database exposure
Data Leak
First: 22.04.2026 13:41
Last: 22.04.2026 13:41
Sources 1
About this happening:
The **Moltbook** database exposure placed **35,000 email addresses** and **1.5 million agent API tokens** at risk, creating immediate potential for account hijacking and credentia...
OpenAI ChatGPT security update for prompt exfiltration flaw
Security Patch Release
First: 31.03.2026 16:01
Last: 31.03.2026 16:01
Sources 1
About this happening:
OpenAI deployed a **security update** for **ChatGPT** on **February 20**, closing a flaw that could let a **single malicious prompt** covertly exfiltrate **prompts, messages, uplo...
Timeline
- 20.09.2025 08:31 · 2 articles · 8mo ago
OpenAI ChatGPT Deep Research ShadowLeak disclosure and fix
Mitigation Patch Update
Researchers disclosed ShadowLeak, a zero-click flaw in OpenAI ChatGPT Deep Research that could leak sensitive Gmail inbox data from a single crafted email using indirect prompt injection hidden in email HTML. Following responsible disclosure on June 18, 2025, OpenAI addressed the issue in early August, reducing the risk that ChatGPT Deep Research users with Gmail integration or other supported connectors could have inbox content exfiltrated through OpenAI's cloud environment.
- ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent — thehackernews.com — 20.09.2025 08:31