Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Urban VPN Proxy default-on AI chat harvesting in version 5.5.0

Security Tool/Service
First reported
Last updated
Happening score
H score 10
1 unique sources, 1 articles

Summary

Hide ▲

Urban VPN Proxy reportedly began default-on AI chat harvesting in version 5.5.0, exposing prompts, responses, timestamps and session IDs from major chat platforms and turning a privacy-branded extension into a sensitive-data collection channel. The behavior affects conversations on ChatGPT, Claude and Gemini, and researchers say more than 8 million users across Chrome and Edge may be exposed. The collection cannot be disabled in settings and reportedly continues even when the VPN is off, leaving uninstall as the only stopgap.

Related Happenings

ChatGPT single-prompt DNS side-channel exfiltration remote code execution flaw

Vulnerability
First: 31.03.2026 16:01 Last: 31.03.2026 16:01 Sources 1

About this happening: A **ChatGPT** vulnerability let a **single malicious prompt** covertly exfiltrate prompts, messages, uploaded files, and other sensitive content through a **DNS side channel**. Th...

Open Happening

AiFrame malicious Chrome extension campaign

Campaign
First: 12.02.2026 15:41 Last: 12.02.2026 15:41 Sources 1

About this happening: The **AiFrame** campaign uses **fake AI assistants** in the **Chrome Web Store** to distribute **30 malicious Chrome extensions** that can **steal email content, browser content,...

Open Happening

ChatGPT Mods token-stealing browser-extension campaign

Campaign
First: 30.01.2026 15:42 Last: 30.01.2026 15:42 Sources 1

About this happening: The **ChatGPT Mods** campaign used **16 browser extensions** to inject a **content script** into **chatgpt[.]com**, stealing authentication tokens that could let operators imperso...

Open Happening

Malicious Chrome Web Store extensions exfiltrating ChatGPT and DeepSeek conversations

Malware Activity
First: 06.01.2026 19:21 Last: 06.01.2026 19:21 Sources 1

About this happening: **Malicious Chrome extensions** were used to **exfiltrate ChatGPT and DeepSeek conversations** from active browser sessions, alongside **Chrome tab URLs** and other browsing conte...

Open Happening

Urban VPN Proxy AI chat data leak

Data Leak
First: 15.12.2025 19:46 Last: 15.12.2025 19:46 Sources 1

How related: This allows it to capture prompts, responses, timestamps and session identifiers before the content is displayed to the user. The collected data is then compressed and transmitted to analytics servers operated by Urban VPN.

About this happening: The **Urban VPN Proxy** browser extension was updated on **July 9, 2025** to silently exfiltrate **AI chat prompts and responses**, exposing conversation data from **millions of C...

Open Happening

Timeline

  1. 16.12.2025 18:45 1 articles · 5mo ago

    Urban VPN Proxy version 5.5.0 adds AI chat harvesting

    Technical Analysis Update

    Urban VPN Proxy version 5.5.0 introduced default-on functionality that injects code into supported AI websites, overrides browser network functions, and captures prompts, responses, timestamps and session identifiers from conversations on ChatGPT, Claude, Gemini and other targeted platforms before transmitting the data to company-controlled servers.

    Show sources
    Open in new tab
  2. 16.12.2025 18:45 2 articles · 5mo ago

    Koi publicly identifies Urban VPN Proxy AI chat harvesting

    Initial Disclosure

    Koi identified Urban VPN Proxy as a central example of a Chrome extension with more than 6 million users and a Google “Featured” badge, said the extension harvested AI chat content from ChatGPT, Claude, Gemini and other platforms, and warned that more than 8 million users across Chrome and Edge may be affected; the report also noted that Urban VPN is operated by Urban Cyber Security Inc. and affiliated with BiScience.

    Show sources
    Open in new tab