A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.
According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.
Read more…
Source: Silicone Angle News
Related:
- ONResolver RAT Abuses TON Blockchain to Target Japan’s Hotel Industry
June 29, 2026
In late May 2026, suspicious emails were identified being sent to Japanese partner companies of Booking.com, with the subject line “Important: Guest Stay Review Request” (重要:ゲスト滞在レビュー依頼). In this attack, a zip file was downloaded by accessing a hyperlink to a suspicious web site, and the infection began when the user clicked a shortcut link file ...
- Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs
June 29, 2026
Nissan has joined the growing list of Oracle customers cleaning up after a cyberattack, warning employees that payroll records, bank details, Social Security numbers, and other personal data may have been stolen. In a filing submitted to the California Attorney General on Friday, Nissan Americas said Oracle had informed it of “a cyber event” involving the personnel records ...
- Fake GTA VI beta keys are already draining cryptocurrency wallets worldwide
June 27, 2026
Grand Theft Auto VI is not due on consoles until November 19 2026, but official preorders open soon, and cybersecurity researchers have warned criminals are already exploiting the wait with a coordinated wave of fraudulent websites. Malwarebytes and NordVPN have both flagged sites promising “VIP early access” or exclusive beta keys to one of gaming’s most anticipated ...
- Russian Intelligence Services Continue to Target Commercial Messaging Applications
June 26, 2026
The FBI and CISA are issuing this update to the March 20, 2026, Public Service Announcement I-032026-PSA to provide additional information to the public and encourage device owners to take actions to protect themselves. The FBI has identified multiple clusters of Russian Intelligence Services (RIS) cyber threat actors responsible for an ongoing commercial messaging application (CMA) phishing campaign against individuals of high ...
- Russian hackers were behind $2.5B hack of Jaguar Land Rover
June 26, 2026
Last year, hackers attacked car giant Jaguar Land Rover (JPL), one of the U.K.’s biggest employers. The hack halted production for months and made a dent in the country’s economy. The damage was so severe that the U.K. government decided to bail out the company with a £1.5 billion (around $2 billion) payment, and estimates say the hack cost the British ...
- Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk
June 26, 2026
The CVE-2024-2658 vulnerability was discovered in 2024 within the FlexNet Publisher component of the Schneider Electric Floating License Manager. This software handles license management across various Schneider Electric products used for comprehensive industrial automation ranging from PLC programming to centralized control room implementation. This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system ...

