Find notable cyber news and cases, enriched with sources, timelines, and signals.

LLMShare ChatGPT share-link malware lure campaign

Campaign
First reported
Last updated
Happening score
H score 47
1 unique sources, 1 articles

Summary

Hide ▲

The LLMShare campaign is using Google ads and a legitimate chatgpt.com shared page to route people searching for ChatGPT into a fake OpenAI outage lure that pushes a malicious download. The operation abuses trust in the real domain to increase click-through and hide the handoff to a malware-delivery site. Similar abuse of Claude Artifacts suggests the same AI-sharing tactic is being reused across multiple platforms.

Related Happenings

OpenAI ChatGPT Atlas BioShocking fix

Advisory/Mitigation
H score34 First: 01.07.2026 00:50 Last: 01.07.2026 00:50 Sources 1

About this happening: OpenAI delivered a **working fix** for **BioShocking** in **ChatGPT Atlas**, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and **c...

IPhone AI chatbot traffic leak of API keys, replayable tokens, and open relays

Technical Analysis
H score27 First: 30.06.2026 16:49 Last: 30.06.2026 16:49 Sources 1

About this happening: **LLMKeyLens** testing found **444 iPhone AI chatbot apps** leaking **paid AI access**, exposing **API keys**, **replayable tokens**, and **open relays** that let others bill mode...

OpenAI ChatGPT Lockdown Mode rollout limits prompt-injection exfiltration paths

Security Tool/Service
H score10 First: 06.06.2026 16:36 Last: 06.06.2026 16:36 Sources 1

About this happening: **OpenAI ChatGPT** is rolling out **Lockdown Mode** for eligible personal accounts, reducing the risk of **prompt-injection-driven data exfiltration**. The update adds stricter li...

OpenAI Codex codexui-android supply-chain token theft campaign

Campaign
H score48 First: 01.06.2026 12:31 Last: 01.06.2026 12:31 Sources 1

About this happening: A **malicious supply-chain campaign** is stealing **OpenAI Codex authentication tokens** from developers through the **codexui-android** npm package and mirrored Android apps, cre...

ChatGPT and Claude phishing and malvertising campaign

Campaign
H score36 First: 01.06.2026 12:30 Last: 01.06.2026 12:30 Sources 1

About this happening: The **ChatGPT**- and **Claude**-themed **phishing and malvertising campaign** is actively steering users to fake download pages that can deliver malware. Attackers are using **Goo...

Timeline

  1. 29.05.2026 21:21 2 articles · 1mo ago

    LLMShare campaign abuses ChatGPT share links to deliver malware

    Initial Disclosure

    Push Security identified the LLMShare campaign using Google ads to steer people searching for ChatGPT to a shared chatgpt.com/s page that renders a fake OpenAI outage notice and prompts a desktop-app download. The download button leads to openew[.]app, which impersonates OpenAI's desktop application portal and offers macOS and Windows malware downloads; the page is rendered through ChatGPT itself using custom HTML and CSS.

    Show sources