Issue #174 - November 3, 2025
- Weekly INK

Multiple ChatGPT Security Bugs Allow Rampant Data Theft
Source: Dark Reading
Researchers found seven weaknesses that let attackers steal chat history and “memories,” bypass safety checks, and plant malicious instructions—no deep technical skill required. For SMBs exploring AI, this signals immediate risk: tighten browsing features, restrict plug-ins, and treat AI tools like any other internet-facing app.

Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks
Source: BleepingComputer
Microsoft warns a stealthy backdoor uses OpenAI’s Assistants API as a covert command-and-control channel. Because it rides on legitimate cloud traffic, normal monitoring can miss it. Businesses should review egress rules, watch for unusual API use, and lock down developer tools that can be hijacked for persistence.

Lawsuits, Investigations Piling Up in Conduent Hack
Source: Data Breach Today
After disclosing that a 2024 breach exposed data on 10.5 million people, Conduent faces growing legal and regulatory pressure. For U.S. companies handling consumer or patient data, this is a reminder: incident timelines matter, notifications must be accurate, and third-party risk and contracts can make or break your response.

Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly
Source: The Hacker News
Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VBScript) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion.

CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog
Source: SecurityWeek
CISA’s KEV update confirms active exploitation of an XWiki bug and a VMware privilege-escalation flaw. U.S. organizations—especially those with on-prem servers and wikis—should patch on priority, validate compensating controls, and confirm that backups and detection tools are in place for exploitation attempts already underway.



