Find notable cyber news and cases, enriched with sources, timelines, and signals.

ChatGPT prompt-injection URL-modification bypass ZombieAgent security flaw

Vulnerability
First reported
Last updated
Happening score
H score 0
1 unique sources, 1 articles

Summary

Hide ▲

ZombieAgent is a newly identified prompt-injection vulnerability in ChatGPT that could leak sensitive data from connected services such as Gmail, Outlook, Google Drive, and GitHub. The flaw bypassed OpenAI’s URL-modification defenses by using pre-constructed static URLs and exfiltrating data one character at a time. It was reported through BugCrowd in September 2025 and reportedly fixed in mid-December 2025.

Related Happenings

OpenAI ChatGPT Atlas BioShocking fix

Advisory/Mitigation
H score34 First: 01.07.2026 00:50 Last: 01.07.2026 00:50 Sources 1

About this happening: OpenAI delivered a **working fix** for **BioShocking** in **ChatGPT Atlas**, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and **c...

OpenClaw message-object prompt injection patched in 2026.4.23 security flaw

Vulnerability
H score15 First: 11.06.2026 20:46 Last: 11.06.2026 20:46 Sources 1

About this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...

OpenAI ChatGPT Lockdown Mode rollout limits prompt-injection exfiltration paths

Security Tool/Service
H score10 First: 06.06.2026 16:36 Last: 06.06.2026 16:36 Sources 1

About this happening: **OpenAI ChatGPT** is rolling out **Lockdown Mode** for eligible personal accounts, reducing the risk of **prompt-injection-driven data exfiltration**. The update adds stricter li...

OpenAI ChatGPT renderer Markdown link/image phishing security flaw

Vulnerability
H score16 First: 29.05.2026 21:07 Last: 29.05.2026 21:07 Sources 1

About this happening: **ChatGPT** has a **response-renderer vulnerability** that turns summarized third-party pages into **live phishing links** and auto-fetched **attacker-hosted images** inside the t...

ChatGPT single-prompt DNS side-channel exfiltration remote code execution flaw

Vulnerability
H score33 First: 31.03.2026 16:01 Last: 31.03.2026 16:01 Sources 1

About this happening: A **ChatGPT** vulnerability let a **single malicious prompt** covertly exfiltrate prompts, messages, uploaded files, and other sensitive content through a **DNS side channel**. Th...

Timeline

  1. 08.01.2026 18:45 2 articles · 6mo ago

    ChatGPT prompt-injection URL-modification bypass ZombieAgent security flaw

    Initial Disclosure

    Researchers identified **ZombieAgent**, a ChatGPT prompt-injection weakness that could drive the agent to leak data from connected services. OpenAI reportedly closed the issue in **mid-December 2025** after a **September 2025** report through **BugCrowd**.

    Show sources