ChatGPT blindly trusts browser content, turning the page into a payload

ChatGPT's blind trust in browser content allows attackers to weaponize web pages as payloads for phishing and data theft. The AI model processes and acts on visible text without verifying its source, enabling malicious actors to craft pages that trick the chatbot into executing harmful actions. This vulnerability turns any browser session into a potential attack vector, exposing users to credential theft and unauthorized data access.

MOST POPULAR EVENTS - Overcoming the trade-offs in data sovereignty What does data sovereignty actually mean for your network, which trade-offs are unavoidable? Learn more. - From Prompt to Exploit: How LLMs Are Changing API Attacks Modern applications are API-driven, interconnected, and often over-permissioned, making them an ideal target for AI-assisted attacks. - Architecting the Future: Unlocking Enterprise Data Services for Kubernetes Join us to discover how to eliminate infrastructure silos and establish a standardized, enterprise-grade cloud-native platform. - Catch the Advanced Attacks Microsoft 365 Misses with Behavioral AI Security Microsoft 365 is the backbone of enterprise communication, and its native security filters out the known and the noisy. - Virtual Cyber Recovery Sim Step into the chaos of a live ransomware breach, test your response skills, and team up with other IT and security pros to outsmart cybercriminals - Virtual Cyber Recovery Simulation Ransomware attacks aren’t slowing down, and neither are we. Druva’s hit event, Escape Ransomware, is now fully virtual. - Agentic AI at Scale: From Pilot to Production Join us to learn how to unlock real ROI by driving adoption of AI at scale. AI https://beta.theregister.com/tag/ai - Security ChatGPT blindly trusts browser content, turning the page into a payload You and me go ChatGPhish-ing in the dark - Research Russia-linked threat group put ChatGPT to work from lure to payload Researchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government - Science Blue Origin's New Glenn makes a crater-sized dent in Artemis plans Explosion wrecks rocket and pad, leaving NASA's lunar ambitions looking less than launch-ready - Cyber-Crime ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak Telco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there - Software That an app 'Fits on a Floppy' is still a useful measure in 2026 In a world of mass-produced bot-slopware, small is more beautiful than ever Infosec https://beta.theregister.com/security - Security ChatGPT blindly trusts browser content, turning the page into a payload You and me go ChatGPhish-ing in the dark - Research Russia-linked threat group put ChatGPT to work from lure to payload Researchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government - Science Blue Origin's New Glenn makes a crater-sized dent in Artemis plans Explosion wrecks rocket and pad, leaving NASA's lunar ambitions looking less than launch-ready - Cyber-Crime ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak Telco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there - Software That an app 'Fits on a Floppy' is still a useful measure in 2026 In a world of mass-produced bot-slopware, small is more beautiful than ever FOSS https://beta.theregister.com/tag/FOSS - ChatGPT blindly trusts browser content, turning the page into a payload You and me go ChatGPhish-ing in the dark - Russia-linked threat group put ChatGPT to work from lure to payload Researchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government - Blue Origin's New Glenn makes a crater-sized dent in Artemis plans Explosion wrecks rocket and pad, leaving NASA's lunar ambitions looking less than launch-ready - ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak Telco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there - That an app 'Fits on a Floppy' is still a useful measure in 2026 In a world of mass-produced bot-slopware, small is more beautiful than ever - Jammin' on UK defence secretary's jet as Russia blamed for GPS interference Estonian academic fingers mobile tower-mounted devices as Kremlin tries to swat Ukrainian forces FEATURES https://www.theregister.com/tag/features? gl=1 esekfm ga NzgyNjE4NzEwLjE3NzExNzQ4MjA. ga JXW44Y23NM czE3NzY3NTY3MjIkbzEwNSRnMSR0MTc3Njc1Njg5NCRqOCRsMCRoMA.. - Europe built sovereign clouds to escape US control. Then forgot about the processors - Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data - Europe wants out from under US tech – but first it has to find the exits - GNOME may rule Ubuntu Resolute Raccoon, but X.org isn't roadkill yet - OpenClaw, but in containers: Meet NanoClaw - Open source registries don't have enough money to implement basic security - Contain your Windows apps inside Linux Windows - The Linux mid-life crisis that's an opportunity for Tux-led transformation - Too much AI for some, too little for others: Why AMD can't win with investors - How agentic AI can strain modern memory hierarchies