Post by UnderDefense

The phishing link appeared inside ChatGPT. The user never left a trusted interface. This is ChatGPhish: visit a page, ask ChatGPT to summarize it, and the model returns a response with live phishing links and QR codes styled as account alerts — inside the assistant UI. This week also: GitHub CLI shipping enterprise auth tokens to servers they were never meant to reach, an Android flaw under active exploitation that needs no user interaction to compromise the device, and a Microsoft 365 bug that lets any app on the same phone silently read your email and calendar. Four patches already available. 🔔 Subscribe to the Vulnerability Intelligence Newsletter