ChatGPT Atlas Exploit Exposes Persistent Memory Vulnerability in AI Browsers

A critical vulnerability in OpenAI’s *ChatGPT Atlas* browser, discovered by LayerX Security, enables malicious actors to persistently inject code into ChatGPT’s *memory* via a *cross-site request forgery* (CSRF) exploit. Introduced in February 2024, this memory feature allows personalization across sessions, but attackers can now covertly embed instructions that survive browser restarts, device changes, and even normal usage. The exploit is initiated when a logged-in user is *tricked via social engineering* into clicking a malicious link, allowing CSRF to write attacker commands into memory. Once tainted, legitimate user prompts may unwittingly trigger *code execution*, *privilege escalations*, or *data exfiltration*.

Or Eshed, CEO of LayerX, and Michelle Levy, head of its security research, emphasize the risk of tainted memory as a portable and invisible infection vector. NeuralTrust has separately demonstrated *prompt injection* attacks through disguised URLs. With ChatGPT Atlas lacking strong anti-phishing defenses, it blocked only 5.8% of web threats in tests, compared to 53% by *Edge* and 47% by *Chrome*.

Perplexit’s Comet browser also fared poorly, blocking just 7%. The vulnerability extends to developer interactions, where seemingly normal coding prompts can embed hidden logic. Dia, another tested browser, was mentioned with a 46% block rate, reinforcing Atlas’ inferior security standing. The convergence of identity, browsing, and AI in tools like Atlas has created a *new AI threat surface* with memory-based exploits serving as a *supply chain-style vector* that contaminates future work. The exploit’s persistent nature poses systemic risk as enterprises increasingly rely on AI agents—now the *leading vector for data exfiltration*—highlighting the urgent need to treat AI-enabled browsers as critical infrastructure.

More via The Hacker News


CharacterAI Restricts Teen Access Amid Legal and Regulatory Backlash Over AI Chat Risks

Character.AI announced it will ban users under 18 from chatting with its AI companions starting late November 2025 after lawsuits and regulatory scrutiny. The company, founded by Noam Shazeer and Daniel De Freitas, cited growing concerns about teen mental health, introducing “age assurance functionality” to verify users’ ages. The move follows the 2023 suicide of 14-year-old Sewell Setzer III, whose family sued, calling the technology “dangerous and untested.”

The Social Media Law Center has since filed three additional lawsuits on behalf of families of children who died or became dependent on chatbots. OpenAI faces similar claims after 16-year-old Adam Raine’s death, prompting new teen safety guidelines and disclosure that over a million ChatGPT users weekly express suicidal intent. California’s October 2025 AI law—banning sexual content for minors and requiring reminders every three hours—takes effect in 2026. Senators Josh Hawley and Richard Blumenthal proposed federal legislation mandating age verification, noting 70% of U.S. children use AI companions.

More here:  The Guardian

XWiki Servers Under Active Attack Through Critical Solr Search Vulnerability

A critical Remote Code Execution flaw (CVE-2025-24893) in XWiki’s Solr Search feature is being actively exploited to install the tcrond coinminer, connecting infected servers to the c3pool.org mining network. VulnCheck confirmed exploitation in the wild on October 28, 2025, though the vulnerability has been known since March. Attackers send malicious requests to /xwiki/bin/get/Main/SolrSearch, which due to improper configuration, executes commands without authentication.

The two-phase attack chain starts with a downloader file placed in the server’s temp directory, followed ~20 minutes later by execution of scripts retrieved via transfer.sh from a UK-based Hydra Communications server. Initial traffic was traced to IP 123.25.249.88 in Vietnam; 193.32.208.24 is also flagged. All unpatched versions prior to 15.10.11, or between 16.0.0-rc-1 and 16.4.1, are vulnerable. Despite its 9.8 CVSS score, CVE-2025-24893 is not listed in CISA’s KEV catalogue. Patches were released in February 2025 in versions 15.10.11, 16.4.1, and 16.5.0RC1. VulnCheck shared Indicators of Compromise.

More via Hack Read 

Former L3Harris Executive Pleads Guilty to Selling Cyber Trade Secrets to Russian Buyer

Peter Williams, a 39-year-old Australian residing in the U.S., pleaded guilty in Washington, DC, to selling stolen trade secrets to a Russia-based software broker. The former director of L3 Harris Trenchant, a cybersecurity subsidiary of L3Harris Technologies, admitted to earning $1.3 million by selling eight trade secrets from two unnamed companies between April 2022 and August 2025. Using the alias “John Taylor,” he signed multiple encrypted contracts, some including post-sale software support. Williams faces 87–108 months in prison, fines up to $300,000, and restitution of $1.3 million; until sentencing next year, he remains under house confinement with electronic monitoring.

The Justice Department, led by U.S. attorney Tejpal S. Chawla revealed that the FBI alerted L3 Trenchant in 2024 about leaked source code. Ironically, Williams, as general manager, oversaw the internal leak investigation reported by TechCrunch. Prosecutors seized his DC home, crypto funds, luxury watches, and designer goods purchased with proceeds. L3 Trenchant, formed from Azimuth Security and Linchpin Labs in 2018, faces no criminal charges.

More via Wired

Global Cybercrime Treaty Faces Backlash Over Human Rights and Surveillance Concerns

Sixty-five countries, including the U.S. and Canada, signed the UN Convention against Cybercrime in Hanoi. The treaty, requiring ratification by 40 member states, faces a two-thirds Senate vote in the U.S. UN Secretary-General António Guterres and Vietnam’s President Luong Cuong praised it as a crucial, legally binding tool to combat cybercrime—like phishing, ransomware, and online trafficking—while asserting it won’t authorize surveillance or human rights violations.

The UN Office on Drugs and Crime (UNODC), which led negotiations, claims it protects research and rights. Critics, including Human Rights Watch (HRW), the Electronic Frontier Foundation (EFF), and the Cybersecurity Tech Accord—whose members include Meta and Microsoft—warn the treaty’s vague language could enable state surveillance, criminalize ethical hacking, and suppress political speech. Vietnam, the host nation, has faced condemnation for censoring online dissent, with at least 40 recent arrests for digital activity. Guterres also tied the treaty to global efforts against disinformation, harassment, and climate denial.

More via Reclaim the net