MEDIUMAi
Global

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

·Source: The Hacker News

Updated:

Executive Summary

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhish by Permiso Security. "The chatgpt.com response renderer trusts Markdown links and Markdown

Analysis

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhish by Permiso Security. "The chatgpt.com response renderer trusts Markdown links and Markdown

Indicators of Compromise (1)

Domain (1)
chatgpt.com
VirusTotalURLhaus
Source Attribution

Originally published by The Hacker News on May 29, 2026.

Related Threats

CRITICALAiNEW

Microsoft and security researcher’s dueling posts about cybersecurity disclosures get nasty

Microsoft and a prominent cybersecurity researcher have gotten into a very public and rather personal exchange of unpleasantries about what responsible cybersecurity disclosures should mean in 2026. A cybersecurity researcher going by the name Nightmare Eclipse, who has disclosed several cybersecurity holes before patches were available, posted that he had tried to contact Microsoft officials and

CVE-2026-45585
CSO Online
LOWAi

Metasploit Wrap Up 05/29/2026

More Linux LPEs Hark the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users. Copy Fail seemed to have kicked off a trend of similar bugs and hot on its heels is Dirty Frag. Dirty Frag is actually two vulnerabilities in a trenchcoat, individually identified as CVE-2026-43284 and CVE-2026-43500. Each is exploitable individually

CVE-2026-43284CVE-2026-43500
Rapid7
MEDIUMAi

ISMG Editors: Are We Ready for a Post-Mythos Security World?

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/ismg-editors-are-we-ready-for-post-mythos-security-world-image_small-5-a-31814.jpg" align=right hspace=4><b>Also: Why Traditional Patching Can't Keep Up, Closing the AI Visibility Gap</b><br>In this week's panel, four ISMG editors discussed what Anthropic's controversial Mythos AI model signals for the future of cybersecurity, whe

Bank Info Security