A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.
According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.
Read more…
Source: Silicone Angle News
Related:
- New phishing campaign hits LastPass, Bitwarden users
July 15, 2026
Criminals have been found impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login credentials, and thus access to a treasure trove of passwords and other secrets. LastPass recently issued a warning to its customers, raising awareness of the ongoing phishing campaign. However the scam also now seems to ...
- Top AI tools such as OpenClaw and Github Copilot can be hijacked to create new massive botnets
July 15, 2026
Your favorite AI service could be subverted to deploy code that turns your phone or PC into a botnet, according to researchers at Intuit, Technion, and Tel Aviv University. The technique has been given the name HalluSquatting, a portmanteau of adversarial hallucination squatting, and is similar to typosquatting in that it relies on a mistake in ...
- Warning: Scammers are using FaceTime to empty bank accounts
July 14, 2026
Apple is urging users to treat any suspicious FaceTime call or message as untrusted, especially if it involves payments, refunds, password resets, or requests for personal information. This warning appears in a broader Apple support article about scams that target iPhone and iPad users through social engineering. Apple says attackers may contact people by phone calls, FaceTime, text ...
- Microsoft tops last month’s record with 622 Patch Tuesday CVEs
July 14, 2026
Remember last month when we were awed by Microsoft’s record-setting Patch Tuesday that addressed 206 CVEs? That was a quaint era compared to this month: Redmond just rolled out patches for 622 CVEs specific to its products, slightly more than tripling last month’s all-time high. Redmond’s Patch Tuesday release is once again one for the record books, with everything under ...
- Ghostcommit attack hides malicious AI instructions in images
July 13, 2026
Ghostcommit is a proof of concept that shows how AI assistants used to review software code can be tricked by hidden instructions embedded in images. The academic ASSET Research Group showed that an attacker can place instructions inside an image file, point to it in an AGENTS.md file, and get an AI coding agent to follow those instructions during a ...
- EU-UK sanctions target Russia over Europe-wide ‘vast cyber campaign’
July 13, 2026
The European Union and the UK have announced coordinated sanctions against Russia after accusing Moscow’s FSB intelligence agency of carrying out a cyber attack in December targeting Poland’s energy grid and orchestrating a wider campaign of digital sabotage across Europe. The joint measures focus on individuals and organisations linked to Russia’s security services, with the EU ...

