Emerging Zero-Click Exploit Enables Data Theft from ChatGPT Users

New Zero-Click Attack Lets Attackers Steal ChatGPT User Data

Vulnerabilities in ChatGPT recently discovered by security researcher Zvika Babo of Radware allowed attackers to use a new prompt injection method named ‘ZombieAgent.’ The technique enabled unauthorized requests for sensitive data from services like Gmail and GitHub. The issue was reported to OpenAI via the BugCrowd platform in September 2025 and was fixed by December. The attack leverages ChatGPT’s enhanced features, including ‘Connectors,’ which provide access to personal data; these features make ChatGPT more user-friendly but also more susceptible to exploitation. Babo previously uncovered a method called ‘ShadowLeak’ that exfiltrated data through crafted emails. ZombieAgent uses static URLs that bypass OpenAI’s security filters to extract data character by character, allowing zero-click or one-click server-side attacks. The vulnerability can facilitate persistent data leaks, raising concerns about privacy breaches. A Radware webinar on this exploitation will take place on January 20, 2026.
