{"data":{"id":"534db8b2-7278-4380-be00-a3ad4bb06f5e","title":"ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface","summary":"ChatGPhish is a vulnerability in ChatGPT that allows attackers to embed malicious instructions in web pages, which ChatGPT then processes and renders as clickable phishing links and images inside its trusted interface when users ask it to summarize the page. The vulnerability works because ChatGPT automatically trusts and fetches Markdown links and images from summarized web pages, potentially leaking user information like IP addresses or tricking users into scanning malicious QR codes that bypass desktop security filters.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html","publishedAt":"2026-05-29T18:07:12.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","rag_poisoning"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI","ChatGPT","Microsoft Copilot","Adversa AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-29T18:07:12.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","safety"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}