This 'ZombieAgent' zero click vulnerability allows for silent account
takeover - here's what we know
Date:
Fri, 09 Jan 2026 10:00:43 +0000
Description:
ChatGPT was vulnerable to prompt injection, but OpenAI apparently fixed it.
FULL STORY ======================================================================
- OpenAI's new apps feature enables ChatGPT to connect with external services like email and storage
- Radware discovered ZombieAgent, a prompt injection flaw allowing hidden commands to exfiltrate or propagate data
- Exploits include zero-click, one-click, persistence, and worm-like propagation; OpenAI patched it December 16
OpenAI recently introduced a new feature for ChatGPT which, unfortunately, also puts users at risk of data exfiltration and persistent access.
In December 2025, a feature called Connectors finally moved out of beta and into general availability. This feature allows ChatGPT to connect to numerous other apps, such as calendars, cloud storage, email accounts, and similar - gaining more context and thus providing users with better, more relevant responses.
The feature is now called apps but, according to security researchers at Radware, it also opens up the tool to a major vulnerability - prompt injection attacks.
Four methods of abuse
Radware dubbed the vulnerability 'ZombieAgent' and, in practice, it's not that much different from the vulnerabilities we've seen in Gemini and other GenAI tools.
Connecting ChatGPT to Gmail, for example, allows the tool to read incoming emails and give contextual answers about conversations, scheduled calls and meetings, pending invitations, and similar.
However, an incoming email could contain a hidden malicious prompt -
something written in white font on a white background, or with font size 0. Invisible to the human eye, but still readable by the machine.
If the victim asks ChatGPT to read that email, the tool could execute those hidden commands without user consent or interaction. The commands could be pretty much anything, from exfiltrating sensitive data to a third-party server, to using the inbox to propagate further.
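As an added, defender-side example (not code from the article, Radware, or OpenAI), here is the kind of pre-screening a connector could run on an HTML email before handing it to an assistant: it separates the text a human would see from text hidden with the tricks described above (white font, font size 0, plus the usual CSS equivalents). It assumes the mail client renders on a white background, so white text counts as hidden; the sample message is constructed.

```python
import re
from html.parser import HTMLParser
# Constructed sample mail (not a real message): one visible request, two hidden
# placeholder fragments using the white-text and font-size-0 tricks, one normal footer.
SAMPLE_EMAIL_HTML = """<html><body>
<p>Hi, can we move Thursday's call to 3pm?</p>
<p style="color:#ffffff">PLACEHOLDER hidden instruction one</p>
<span style="font-size: 0; color: red">PLACEHOLDER hidden instruction two</span>
<p style="font-size:0.9em">Thanks, Dana<br>Ops team</p></body></html>"""

# CSS that hides text from a human reader. White text is flagged on the
# assumption that the mail client renders on a white background.
HIDDEN_STYLE = [re.compile(p, re.I) for p in (
    r"font-size\s*:\s*0+(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$)",
    r"display\s*:\s*none", r"visibility\s*:\s*hidden",
    r"opacity\s*:\s*0+(?:\.0+)?\s*(?:;|$)",
    r"(?<![-\w])color\s*:\s*(?:#fff(?:fff)?\b|white\b|rgb\(\s*255\s*,\s*255\s*,\s*255\s*\))",
)]
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input"}  # no end tag: never pushed/popped
class HiddenTextScanner(HTMLParser):
    """Sort text nodes into visible vs hidden, inheriting 'hidden' from ancestors."""
    def __init__(self):
        super().__init__()
        self._stack = []               # one hidden/visible flag per open element
        self.visible, self.hidden = [], []
    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        a = dict(attrs)
        own = ("hidden" in a                                    # <div hidden>
               or a.get("size") == "0"                          # <font size="0">
               or (a.get("color") or "").lower() in {"#fff", "#ffffff", "white"}
               or any(p.search(a.get("style") or "") for p in HIDDEN_STYLE))
        self._stack.append(bool(own) or bool(self._stack and self._stack[-1]))
    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self._stack:
            self._stack.pop()
    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            (self.hidden if self._stack and self._stack[-1] else self.visible).append(text)

def screen_email(html):
    """What a human sees, what only the model would see, and a flag the connector can act on."""
    s = HiddenTextScanner()
    s.feed(html)
    s.close()
    return {"suspicious": bool(s.hidden), "visible_text": " ".join(s.visible),
            "hidden_text": " ".join(s.hidden)}
```

A connector that gets `suspicious` back can strip the hidden fragments, pass only `visible_text` to the model, or hold the message for review; the regexes cover common inline styles only, not stylesheet classes.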
Radware identified four ways in which ZombieAgent can be abused:
- a zero-click server-side attack (the malicious prompt is in the email and ChatGPT exfiltrates data before the user even sees the content),
- a one-click server-side attack (the prompt is in a file which the user must first upload),
- gaining persistence (a malicious command designed to be stored in ChatGPT's memory), and
- propagation (the malicious prompt is used to propagate further, like a worm).
Radware said OpenAI fixed the problem on December 16 but did not detail how.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-zombieagent-zero-click-vulnerability-allows-for-silent-account-takeover-heres-what-we-know
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)