Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.

Code v1.75.1

**Security**

Added an origin check to web sockets to prevent cross-site hijacking attacks on  
users using older or niche browser that do not support SameSite cookies and  
attacks across sub-domains that share the same root domain.

The check requires the host header to be set so if you use a reverse proxy  
ensure it forwards that information otherwise web sockets will be blocked.

CVE-2023-26114: Release v4.10.1 · coder/code-server

In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.

**SUMMARY:**

 In Malwarebytes before 4.5.22.236, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.

**AFFECTED VERSIONS**

*   Malwarebytes for Windows < v4.5.22.236

**PATCHED VERSIONS**

*   Malwarebytes for Windows: v4.5.22.236.

**MITIGATION ADVICE**

**We recommend upgrading the affected endpoints to the patched versions.**

**DETAILS**

**CWE**

**CVS 3.x**

**Vector**

CWE-269: Improper Privilege Management

8.6 High

Local

**RECOGNITION**

filip\_000

**REFERENCES**

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26088

CVE-2023-26088: CVE-2023-26088 - Malwarebytes for Windows - Arbitrary file deletion and privilege escalation

Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.

An analysis of data associated with zero-day attacks in 2022 suggests that threat actors are increasingly probing for security weaknesses in edge-infrastructure technologies, including VPNs, firewalls, and IT management products.

Researchers from Mandiant tracked a total of 55 zero-day vulnerabilities that adversaries exploited in various malicious campaigns last year and found that 10 of them involved an Internet-facing edge device.

Among them were CVE-2022-1040 and CVE-2022-3236 in Sophos firewalls, CVE-2022-20821 in Cisco IOS, CVE-2022-42474 and CVE-2022-41226 in Fortinet's FortiOS, CVE-2022-288810 in Zoho ManageEngine, and CVE-2022-35247 in SolarWinds Serv-u.

**Hunting on the Edge**

Casey Charrier, Mandiant senior analyst at Google Cloud, says adversaries are focusing on edge technologies likely because they perceive enterprise organizations as having fewer capabilities around endpoint detection and response (EDR) than they have around network monitoring.

"That's definitely an element that we assess is a focus of Chinese threat groups right now," Charrier says. "As more organizations integrate Internet of Things (IoT) devices into their environment, they'll need to take this into consideration when evaluating security tools and the security of these devices."

The 55 zero-days that Mandiant observed adversaries using in 2022 are fewer than the all-time high of 81 that its researchers observed in 2021. Even so, the number was nearly three times higher than the 20 zero-days Mandiant observed being exploited in 2020.

**Chinese Actors Continue to Be Most Active Exploiters of Zero-Days**

As has been the case for some time now, Chinese state-sponsored threat groups exploited more zero-days in 2022 than any other threat group. Of the 13 zero-days that Mandiant was able to identify as likely exploited by a state-backed group, seven — or more than half — involved a Chinese advanced persistent threat (APT) group.

One example is CVE-2022-30190, a vulnerability in the Microsoft Windows Support Diagnostic Tool that enables remote code execution (RCE) via malicious Office documents, even when a user might have disabled macros. Chinese threat actors used the vulnerability, also referred to as "Follina," in numerous threat campaigns throughout the year, making it one of the most heavily exploited flaws of 2022.

Several of the zero-days that Chinese state actors leveraged in attacks last year targeted network devices. One example is CVE-2022-42475, a buffer-overflow flaw in FortiOS SSL VPN technology that a China-based actor used in a campaign last year to deliver a highly customized tool for exploiting Fortinet's FortiGate firewalls. Another flaw in this category that a Chinese actor abused is CVE-2022-41328, a path traversal vulnerability in FortiOS. Mandiant observed a Chinese group identified as UNC3886 exploiting the vulnerability in a potential cyber-espionage campaign. The same actor was previously associated with an attack campaign targeting VMware ESXi hypervisors using a new technique with malicious vSphere Installation Bundles.

Mandiant said it also observed zero-day exploit activity involving North Korean threat actors ticking up slightly in 2022 compared with previous years. The two zero-days that Mandiant identified North Korean actors exploiting were: CVE-2022-0609, a Google Chrome vulnerability that a North Korean group exploited in a campaign targeting the high tech, media, and financial sectors, and CVE-2022-41128, an RCE in Windows Server that North Korea's APT37 exploited in a phishing campaign.

**Financially Motivated Cyberattackers Want in on the Action Too**

Financially motivated threat actors continued to be another set of adversaries that actively exploited zero-day vulnerabilities last year, though not to the same extent as in 2021. Of the 16 zero-days for which Mandiant was able to attribute a motive, four were used in financially motivated attacks. Many of these attacks involved ransomware deployments. Examples include CVE-2022-29499, an RCE flaw in a Mitel VoIP appliance that a threat actor used to deploy Lorenz ransomware, and CVE-2022-41091, i.e. a Windows Mark of the Web flaw that the operator of the Magniber ransomware used in one campaign.

Since 2019, zero-day exploit activity involving ransomware groups has been increasing, says Charrier. "This is the case for a variety of reasons," Charrier notes. "For one, ransomware, as a proportion of all financially motivated activity, has continued to grow and take over the criminal ecosystem. Second, it can be more obfuscated in terms of tracking the money as well as tracking any sort of victim payments."

Microsoft, Google, and Apple topped the charts — as they always have — in terms of the number of zero-day vulnerabilities in their respective products. The three vendors together accounted for 37 of the 55 zero-days that Mandiant tracked last year. Fifteen of the zero-days in operating systems affected Windows and nine out of 11 browser zero-days were in Google Chrome.

At the same time, the number of zero-days that threat actors found and exploited in other technologies grew as well. As zero-day numbers increase, so do the number of vendors that are victims, Charrier says: "While the top three targeted vendors remain consistent, the variety of additional targeted vendors generally continues to expand and vary each year."

Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products

By Waqas
Pinduoduo has confirmed the incident, but denied the presence of malware in its app.
This is a post from HackRead.com Read the original post: Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns

****The company has criticized the cherry-picking of its app, arguing that other apps have been suspended at the same time and it’s not fair to single out their app.****

Google has temporarily suspended Pinduoduo, a leading Chinese budget shopping app, from its Play Store due to the discovery of malware in certain versions of the app.

The news of Pinduoduo’s ban came just a couple of weeks after Shein, another Chinese shopping giant, was caught copying clipboard content on Android phones of users who were using its older version.

In a statement issued on Tuesday, Google stated that it found malware in some versions of the app that were not available on the Play Store. The company has enforced Google Play Protect, which scans installed Android phone apps for malicious behaviour, on these allegedly harmful apps.

Google has set the Play Protect enforcement to block the installation of these apps and prompt users to uninstall them if they have already downloaded them to their devices.

Pinduoduo has confirmed that it is in communication with Google for further information, and it has also stated that several other apps have been suspended at the same time. Pinduoduo has over 900 million users and is one of China’s most popular e-commerce platforms.

Pinduoduo made a name for itself with its group-buying business model, which allowed users to save money by pooling together and buying items in bulk.

The app’s US-listed parent company, PDD, launched Temu, an online shopping platform in the United States last year, which has quickly become the most downloaded app in the US for both iOS and Android.

The app has been downloaded 24 million times since its launch in September and has more than 11 million monthly active users.

At the time of publication, the Pinduoduo app was unavailable on the Play Store. (Screenshot: Hackread.com)

In a statement, Pinduoduo said that “we strongly reject the speculation and accusation by some anonymous researcher and non-conclusive response from Google that Pinduoduo app is malicious.”

Malware refers to any software developed to steal data or damage computer systems and mobile devices. When hidden in apps, it can be used to gain unauthorized access to information on a user’s phone.

Google has not mentioned Temu in its statement, and the app is still available to download on the Play Store. Pinduoduo has strongly rejected the accusations of malicious activity and speculation surrounding the suspension of its app.

1.  Google removes ClearURLs Chrome extension
2.  Google Ads drop FatalRAT in fake messenger apps
3.  Apple removes Clearview AI iPhone app from Store
4.  Zombinder Lets Hackers Add Malware to Legit Apps
5.  Google bans Avast security extensions over snooping

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns

Review and update plans to minimize recovery time. Practice and a well-thumbed playbook that considers different scenarios will ensure faster recovery of critical data.

The threat landscape is complex, and the tactics used by threat actors are constantly evolving. In this never-ending game of cat and mouse, it seems no matter what cybersecurity advancements the good guys make, it's a perpetual state of catch-up. As tactics evolve, so should readiness plans.

All businesses, regardless of size, should have a set of incident response plans that take into consideration a variety of situations. For example, the action you take for a ransomware attack versus discovering an employee doing something nefarious are greatly different. Having a playbook that considers many scenarios ensures nothing is missed. After all, the last thing any business wants to do during a crisis is ad hoc incident response.

**Key Points to Cover**

Incident response requires meticulous planning; this is something smaller businesses often struggle with. While not all organizations have the resources to plan for every potential scenario, the goal is to get to a place of satisfaction.

The following considerations will make the process less daunting.

**Know your assets.** Identify critical assets and put steps in place to revive them in the event of a failure. For example, create a list of internal systems that are core to the function of day-to-day business. It doesn't have to be a cyberattack that could take these offline. Hardware failures, natural disasters, and faulty updates can cause disruptions. Regardless of the cause, having a plan in place speeds the rebound process.

Since even carefully built backup-and-recovery plans can be compromised in an attack, additional safeguards are important for cyber resilience. For example, in anticipation of a ransom attack, keep multiple copies of backups in different domains (e.g., local and cloud). Likewise, consider backup solutions that do not allow an attacker to rewrite, encrypt, or modify previous backups. Equally important, maintain a history of restored points and backups that cannot be compromised; this will allow one to restore from a good copy of an earlier snapshot. While not all malware attacks are ransomware, the ability to quickly recover data following an incident is essential to minimize downtime and resume normal business operations.

**Take the time to learn.** Cybersecurity is challenging because even with the rights steps taken and all the right boxes checked, a business can still fall victim to an attack. However, each encounter with a security incident is also an opportunity to learn.

For those that dig deeper, valuable insight can be gained as to how a user initially encountered a threat. There may be something upstream of their actions that could be improved upon. Maybe they clicked on an email that got through the spam filter. Additional opportunities exist when users report a suspicious email; take the opportunity to learn how it got into their inbox. This is where an IT or security operations center (SOC) team can really help; this is also where experience can make a big difference.

**Plan and practice.** There's no one-size-fits-all incident response plan. Have plans for a variety of security incidents that you can anticipate. An employee doing something nefarious that requires them to be fired on the spot requires a different course of action than the discovery of a third-party breach. For each scenario, create a playbook to ensure nothing is missed.

Don't wait for an incident to test the effectiveness of plans. To identify gaps and achieve a desired level of confidence, it's important to run an occasional fire drill. Reflect on how things went and look for areas of improvement.

Set up a rapid response alias via e-mail to ensure all stakeholders are included; this allows for quick alert in the event of an incident, so less time is spent delegating and more time is spent recovering. Involve this team early on, during the build out of response plans and assignment of responsibilities in the event an attack does take place. A fire drill will expose what (or who) is missed and what could be done better.

**Practice, Then Review Plans Annually**

Once a level of comfort is achieved, this doesn't mean you never practice again. Confidence simply lowers the cadence for reviewing plans. As tactics shift, your response plans should, too. A good rule of thumb is, once you have confidence in your plans, review them on an annual basis.

Incident response plans are a must for businesses of every size. Because it's not if an organization will experience an incident but when, having a documented plan to detect, contain, and respond is critical. Planning and practice can greatly minimize the time required for recovery of critical data so businesses can minimize downtime and even maintain operations during an incident.

How to Keep Incident Response Plans Current

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023.

*   Forums
*   Start Selling
*   Menu Our Products
    
    *   Digital assets subscription
    *   Tutorials & courses
    *   Create designs, videos & mockups
    
    *   Join the Envato community
    *   Learn from others in the forums
    
*   Cart 0
*   Sign In

*   All Items
    
    *   Popular Files
    *   Featured Files
    *   Top New Files
    *   Follow Feed
    *   Top Authors
    *   Top New Authors
    *   Public Collections
    *   View All Categories
    
*   PHP Scripts
    
    *   Popular Items
    *   Add-ons
    *   Calendars
    *   Countdowns
    *   Database Abstractions
    *   Forms
    *   Help and Support Tools
    *   Images and Media
    *   Loaders and Uploaders
    *   Navigation
    *   News Tickers
    *   Polls
    *   Project Management Tools
    *   Ratings and Charts
    *   Search
    *   Shopping Carts
    *   Social Networking
    *   Miscellaneous
    
*   WordPress
    
    *   Popular Items
    *   Add-ons
    *   Advertising
    *   Calendars
    *   eCommerce
    *   Elementor
    *   Forms
    *   Forums
    *   Galleries
    *   Interface Elements
    *   Media
    *   Membership
    *   Newsletters
    *   SEO
    *   Social Networking
    *   Utilities
    *   Widgets
    *   Miscellaneous
    *   WordPress Themes on ThemeForest
    
*   eCommerce
    
    *   Easy Digital Downloads
    *   Jigoshop
    *   Magento Extensions
    *   OpenCart
    *   osCommerce
    *   Prestashop
    *   UberCart
    *   VirtueMart
    *   WooCommerce
    *   WP e-Commerce
    *   WP Standalone
    *   Zen Cart
    *   Miscellaneous
    
*   JavaScript
    
    *   Popular Items
    *   Animated SVGs
    *   Calendars
    *   Countdowns
    *   Database Abstractions
    *   Forms
    *   Images and Media
    *   Loaders and Uploaders
    *   Media
    *   Navigation
    *   News Tickers
    *   Project Management Tools
    *   Ratings and Charts
    *   Shopping Carts
    *   Sliders
    *   Social Networks
    *   Miscellaneous
    
*   CSS
    
    *   Popular Items
    *   Animations and Effects
    *   Buttons
    *   Charts and Graphs
    *   Forms
    *   Layouts
    *   Navigation and Menus
    *   Pricing Tables
    *   Tabs and Sliders
    *   Miscellaneous
    
*   Mobile
    
    *   Popular Items
    *   Android
    *   Flutter
    *   iOS
    *   Native Web
    *   Titanium
    
*   HTML5
    
    *   Popular Items
    *   3D
    *   Ad Templates
    *   Canvas
    *   Charts and Graphs
    *   Forms
    *   Games
    *   Libraries
    *   Media
    *   Presentations
    *   Sliders
    *   Storage
    *   Templates
    *   Miscellaneous
    
*   Skins
    
    *   Popular Items
    *   Bootstrap
    *   Miscellaneous
    
*   WP Themes
*   Plugins
    
    *   Popular Items
    *   Concrete5
    *   Drupal
    *   ExpressionEngine
    *   Joomla
    *   Magento Extensions
    *   Muse Widgets
    *   OpenCart
    *   osCommerce
    *   Prestashop
    *   Ubercart
    *   VirtueMart
    *   Zen Cart
    *   Miscellaneous
    
*   Mockup Generator
*   More
    
    *   .NET
    *   Apps
    *   Facebook
    

Regular License

Regular License Selected

**$50**

Use, by you or one client, in a single end product which end users **are not** charged for. The total price includes the item price and a buyer fee.

Extended License Selected

**$300**

Use, by you or one client, in a single end product which end users **can be** charged for. The total price includes the item price and a buyer fee.

**$50**

*   Included: Quality checked by Envato
*   Included: Future updates
*   Not included: dangcv does not support this item
*   What is support?

_Price is in US dollars and excludes tax_

Elite Author

Last Update

24 July 2019

Published

22 December 2016

High Resolution

No

Compatible Browsers

IE11, Firefox, Safari, Opera, Chrome, Edge

Files Included

JavaScript JS, HTML, CSS, PHP

Software Version

PrestaShop 1.7.6.x, PrestaShop 1.7.5.x, PrestaShop 1.7.4.x, PrestaShop 1.7.3.x, PrestaShop 1.7.2.x, PrestaShop 1.7.1.x, PrestaShop 1.7.0.x, PrestaShop 1.6.1.x, PrestaShop 1.6.1, PrestaShop 1.6.0.x, PrestaShop 1.5.6, PrestaShop 1.5.5, PrestaShop 1.5.4, PrestaShop 1.5.3, PrestaShop 1.5.2, PrestaShop 1.5.1, PrestaShop 1.5.0, PrestaShop 1.5.x

Tags

custom product online, design tool, html5, Online Design Tool, online t-shirt designer, prestashop, PrestaShop design tool, product design tool, product designer, T-shirt Designer, t-shirt ecommerce

*   Millions of creative assets, unlimited downloads.
    
    One low cost subscription. Cancel any time.
    
*   Effortless design and video.  
    Made online by you.
    
    Smart templates ready for any skill level.
    

Price is in US dollars and excludes tax

Price is in US dollars and excludes tax

Price is in US dollars and excludes tax

Price is in US dollars and excludes tax

Price is in US dollars and excludes tax

Price is in US dollars and excludes tax

CVE-2023-27638: PrestaShop Custom Product Designer

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows authenticated attacker to gain access to sensitive account information

An information disclosure issue was discovered allowed an attacker within Bluetooth broadcast range of a target Megafeis-branded Smartlock to acquire sensitive information. This information was the email address and phone number associated with accounts which owned Megafeis smart locks.

The username can then be combined with the API server's password reset issue (CVE-2022-45637) or the API server's password policy issue (CVE-2022-45635) to facilitate an attacker's efforts take over the target user's account.

As of this advisory's publishing date, there has been no response from the manufacturer, nor is WithSecure aware of any remedial action taken.

Additional information on this issue, along with related issues discovered by the researcher, can be found in the following locations:

*   The Megafeis-palm: Exploiting Vulnerabilities to Open Bluetooth SmartLocks publication
*   The associated GitHub repository:  https://github.com/WithSecureLabs/megafeis-palm

To demonstrate an attacker's ability to expose the email or phone number associated with a Megafeis smart lock owner's account, the following steps can be performed within version 1.4.2 of the DBD+ application:

*   Log in to the DBD+ application using a valid account.
*   Once authenticated, press the "Add" button.
*   Once a device advertising its Megafeis model number is discovered, tap on it.
*   If the lock is already bound to a user, the resulting permission request will expose its owner's login username.  
    

The screenshots below illustrate these steps from the view of the mobile application and reveal the username/email address of a test user researchers created while investigating this issue:

CVE-2022-45634: Username Disclosure Vulnerability in DBD+ Application Used by Megafeis Smart Locks

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.

CVE-2023-28725: Changelog | GENERAL BYTES

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.

An authorization issue was discovered in the HTTP API used by the DBD+ mobile companion application, which is used to manage Megafeis branded smart locks. An authenticated user that is able to forge request signing keys can utilize this vulnerability to perform arbitrary API requests. This would grant them the ability to enumerate, transfer ownership of, and unlock any Megafeis smart lock within physical proximity using only the lock's MAC address, which it broadcasts over Bluetooth.

As of this advisory's publishing date, there has been no response from the manufacturer, nor is WithSecure aware of any remedial action taken.

Additional information on this issue, along with related issues discovered by the researcher, can be found in the following locations:

*   The Megafeis-palm: Exploiting Vulnerabilities to Open Bluetooth SmartLocks publication
*   The associated GitHub repository:  https://github.com/WithSecureLabs/megafeis-palm

Detailed information on this issue's exploitation and discovery can be found at the associated publication, Megafeis-palm: Exploiting Vulnerabilities to Open Bluetooth SmartLocks.

The authorization scheme's weakness can be attributed to two main factors. The first factor is Megafeis' solitary use of a signing key to validate requests sent from the DBD+ application to the backend API server. The second factor is that although session tokens are being sent with each web request to the API, the session tokens do not appear to be used for checking if a user is authorized to make that request.

The signing key was included in a custom HTTP header called "SecSignDest". Version 1.4.2 of the DBD+ application exposed its generation process as being a concatenation of various fixed and dynamic values. They are listed in order below:

*   The string "OKLOK"
*   The request's timestamp
*   Truncated data from the request's body
*   The API endpoint to which the request is being sent

After the above information is combined into a single string, a MD5 hash value is generated of that string. The resulting hash value is then used as the "SecSignDest" HTTP header value.

Recreating this formula to forge request signing keys allowed users to send arbitrary authorized requests to the API. Since the server did not perform proper authorization checks, this allowed arbitrary actions to be performed on other users' accounts (i.e. lock ownership reassignment).

To better demonstrate the above, WithSecure modified the source code of the DBD+ application to also add two additional HTTP headers with each web request.

*   The first header, "AbdullahMKey" is the previously mentioned concated string
*   The second header, "FinalDigest", is a MD5 hash of the "AbdullahMKey" header value

Below is a sample API request sent from the modified application, showing the additional headers mentioned. Note that the "FinalDigest" and "SecSignDest" header values are the same:

WithSecure also put the "AbdullahMKey" header value through a MD5 hash tool, which outputed the same hash value as "FinalDigest" and "AbdullahMKey", as shown in the image below. This demonstrates that the application generated the "SecSignDest" value using the method discovered by the researcher.

WithSecure created a proof of concept script that can be used to fully exploit this issue and take over any Megafeis-branded smart lock. The script requires the MAC address of the target smart lock as well as the attacker's DBD+ account username and password. The script was successfully tested on Megafeis smart lock models FB50S, GS60FB, GS40S, and GQ10FB

The script is available here: https://github.com/WithSecureLabs/megafeis-palm/blob/main/CVE-2022-45636/CVE-2022-45636\_PoC.py

CVE-2022-45636: Insecure Authorization Scheme for API Requests in DBD+ Mobile Companion Application for Megafeis Smart Locks

By Habiba Rashid
Are you wondering why your ChatGPT conversation history has been unavailable since yesterday? Well, here is why!
This is a post from HackRead.com Read the original post: ChatGPT Bug Exposes Conversation History Titles

****A ChatGPT user on Reddit first reported the bug after noticing Chinese language characters in the title of their conversation history.****

Recently, a major bug has been affecting ChatGPT, the language model trained by OpenAI, which resulted in the exposure of conversation histories and caused a temporary outage.

This bug has raised concerns over users’ privacy as some users were able to see other people’s conversation histories. Although the issue was first reported on Reddit by a user who suspected that their account was hacked, it turned out that the bug was responsible for the display of Chinese text in the sidebar.

“I never had these conversations, Reddit user

After the news spread, other users on Twitter also claimed to have seen someone else’s chat histories on their accounts.

Many users criticized ChatGPT for the exposure of conversation histories, calling it a severe violation of user privacy. However, it is important to note that the bug only leaked conversation titles and not the full histories.

Following the incident, ChatGPT temporarily disabled its chat service on Monday to investigate and fix the bug. The chat sidebar now states that the history feature is temporarily unavailable and will be restored as soon as possible.

This ChatGPT bug that exposed conversation histories highlights the need for robust privacy and security measures in online communication platforms. It serves as a reminder of the vulnerability of online communication and the importance of keeping sensitive information secure.

1.  ChatGPT Clone Apps Collecting Data on iOS, Play Store
2.  Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware
3.  Alert: Scammers Pose as ChatGPT in New Phishing Scam
4.  Polymorphic Blackmamba malware created with ChatGPT
5.  Russian Hackers Eager to Bypass Restrictions in ChatGPT

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Tag

#ios