ATBASH

A RESEARCHER TURNED OPENAI'S, GOOGLE'S AND ANTHROPIC'S CODING AGENTS INTO REMOTE-CONTROLLED PUPPETS USING NOTHING BUT TEXT HIDDEN ON A PAGE This is Johann Rehberger. Twenty years in offensive security, a contributor to MITRE ATT&CK, the guy frontier labs actually listen to. He sat down and ran live exploits against OpenAI's Operator, Google's Jules, Claude Code, Devin and Amazon Q. Not theory. Hidden text on a webpage. A poisoned file. A comment buried in a repo. The agent reads it, treats the attacker's words as your orders, and goes to work -- exfiltrating tokens, running code, turning itself into a remote-controlled "ZombAI" wired into someone else's command server. The part that should keep you up: the injection persists. The agent doesn't get tricked once and recover. It stays compromised, quietly executing a stranger's intent every time it runs. Autonomy isn't the flex anymore -> it's the attack surface. The moment an agent can move money or merge code on its own, "it followed instructions" stops being a defense. The guardrails you trust were never reading the same page the attacker wrote on. Save this before you hand another agent your prod access ↓

⚠️ New ChatGPT Vulnerability Lets Attackers Turn Web Pages Into Phishing Payloads Source: https://t.co/mjxOMbnRRX A browser-based prompt injection technique that transforms any web page into a phishing delivery surface by exploiting ChatGPT’s page summarization feature, rendering attacker-controlled links, fake security alerts, and QR codes directly inside the trusted ChatGPT interface. The attack builds on the same trust-transfer logic previously demonstrated against Microsoft Copilot, where attacker-crafted email content could manipulate AI-generated summaries through Cross Prompt Injection Attacks (XPIA). ChatGPhish escalates that premise by swapping the bounded email primitive for the browser where users spend the majority of their working day. #cybersecuritynews #vulnerability